CyberSecurityBoard
Sponsor Register Login

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software.
Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as root via command injection in low-complexity attacks on vulnerable PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls if the device telemetry and GlobalProtect feature are enabled.
While Palo Alto Networks has started releasing hotfixes on Monday to secure unpatched firewalls exposed to attacks, the vulnerability has been exploited in the wild as a zero-day since March 26th to backdoor firewalls using Upstyle malware, pivot to internal networks, and steal data by a threat group believed to be state-sponsored and tracked as UTA0218.
Security threat monitoring platform Shadowserver says it sees more than 156,000 PAN-OS firewall instances on the Internet daily; however, it doesn't provide information on how many are vulnerable.
On Friday, threat researcher Yutaka Sejiyama also found over 82,000 firewalls vulnerable to CVE-2024-34000 attacks, 40% of which were in the United States.
One day after Palo Alto Networks started releasing CVE-2024-3400 hotfixes, watchTowr Labs also released a detailed analysis of the vulnerability and a proof-of-concept exploit that can be used to execute shell commands on unpatched firewalls.
TrustedSec Chief Technology Officer Justin Elze also shared an exploit seen in actual attacks, allowing attackers to download the firewall's configuration file.
In response to the attacks, CISA added CVE-2024-3400 to its Known Exploited Vulnerabilities catalog on Friday, ordering U.S. federal agencies to secure their devices within seven days by April 19th. If you're still waiting for a hotfix, disable the device telemetry feature on vulnerable devices until a patch is available.
If you have an active 'Threat Prevention' subscription, you can block ongoing attacks by activating 'Threat ID 95187' threat prevention-based mitigation.
Exploit released for Fortinet RCE bug used in attacks, patch now.
Palo Alto Networks fixes zero-day exploited to backdoor firewalls.
Palo Alto Networks zero-day exploited since March to backdoor firewalls.
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks.
ScreenConnect critical bug now under attack as exploit code emerges.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 16 Apr 2024 18:40:29 +0000


Cyber News related to Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
9 months ago Darkreading.com
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
10 months ago Bleepingcomputer.com
A Leader in 2024 Forrester Enterprise Firewall Solutions Wave - Palo Alto Networks has long recognized these challenges, which is why we’ve built a network security platform that not only protects but also fosters business growth and innovation in today’s complex environment. We believe the recognition of ...
4 months ago Paloaltonetworks.com
Patch Now: Palo Alto Flaw Exploited in the Wild - Indeed, researchers observed attackers making exploit attempts by chaining CVE-2025-0108 with two other PAN-OS Web management interface flaws — CVE-2024-9474, a privilege escalation flaw, and CVE-2025-0111, an authenticated file read vulnerability ...
3 days ago Darkreading.com
Palo Alto Networks and Deloitte Expand Strategic Alliance Globally - 1, 2024 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW) and Deloitte today announced an expansion of their strategic alliance into EMEA and JAPAC regions, making Palo Alto Networks® AI-powered cybersecurity solutions and joint offerings available ...
4 months ago Darkreading.com
CVE-2018-0688 - Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, ...
6 years ago
CVE-2018-0689 - HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September ...
6 years ago
CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit - IBM's surprise departure from cybersecurity software this week didn't just rearrange the competitive landscape - it also reshuffled the procurement plans and vendor relationships for many CISOs rebuilding their SOCs. IBM has agreed to sell the QRadar ...
9 months ago Darkreading.com
Research Shows 163% ROI with Palo Alto Networks Software Firewalls - Good news is here for cloud and network security professionals who need proven, cost-effective solutions that substantially reduce downtime and breaches across a range of cloud and virtualized environments. Palo Alto Networks software firewalls not ...
1 year ago Paloaltonetworks.com
CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding actively exploiting a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the ...
4 days ago Cybersecuritynews.com
Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
3 days ago Bleepingcomputer.com
How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics - On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. Palo Alto has marked this ...
10 months ago Securityboulevard.com
CVE-2022-0023 - An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the ...
2 years ago
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS - The security issue received a high-severity score and impacts the PAN-OS management web interface and allows an unauthenticated attacker on the network to bypass authentication and invoke certain PHP scripts, potentially compromising integrity ...
1 week ago Bleepingcomputer.com
RedTail Malware Abuses Palo Alto Flaw in Latest Cryptomining Campaign - Hackers with possible ties to the notorious North Korea-linked Lazarus Group are exploiting a recent critical vulnerability in Palo Alto Network's PAN-OS software to run a sophisticated cryptomining operation that likely has nation-state backing. In ...
8 months ago Securityboulevard.com
CVE-2020-2021 - When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an ...
4 years ago
Palo Alto Networks Recognized as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms - Today, we are pleased to announce that Palo Alto Networks has been named a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms. Before we dive into the significance of this year's Magic Quadrant for EPP, I want to take a ...
1 year ago Paloaltonetworks.com
Unlocking the Economic Benefit of NGFWs - Cyberthreats are increasing in volume and complexity, making it difficult for network defenders to protect their organizations. Threat actors are evolving their tools and techniques, finding new ways to employ artificial intelligence to avoid ...
11 months ago Paloaltonetworks.com
Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits - Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users' data security. Multiple Vulnerabilities Discovered in LG WebOS Smart TVs. Type of vulnerability: Authorization bypass, ...
10 months ago Esecurityplanet.com
CVE-2022-0024 - A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with ...
2 years ago
Palo Alto Networks Completes Acquisition of Talon - Palo Alto Networks announced today that it has completed the acquisition of Talon Cyber Security, an Israeli startup selling a secure browser technology to enterprise customers. Palo Alto first announced plans to buy Talon in November 2023 in a deal ...
1 year ago Securityweek.com
Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA - With NVIDIA accelerated computing and AI software, cybersecurity leaders like Palo Alto Networks can safeguard vast amounts of sensitive information with unprecedented speed and accuracy, ushering in a new era of AI-driven data protection. The ...
4 months ago Paloaltonetworks.com
SentinelOne vs Palo Alto Cortex XDR: Which Tool is Best? - SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide if either one of the company's tools is right for you. SentinelOne's Singularity platform offers four subscription tiers that include their ...
8 months ago Techrepublic.com
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw ...
2 days ago Cybersecuritynews.com
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - Palo Alto Networks has disclosed a critical vulnerability (CVE-2025-010) in its PAN-OS software that could allow attackers to bypass authentication on the management web interface. While the vulnerability is rated as HIGH severity, Palo Alto Networks ...
1 week ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)