CyberSecurityBoard
Sponsor Register Login

Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400

The Palo Alto Networks vulnerability has been analyzed in depth by various sources and exploits.
We have gotten several reports of exploits being attempted against GlobalProtect installs.
We see scans for the GlobalProtect login page, but these scans predated the exploit.
VPN gateways have always been the target of exploits like brute forcing or credential stuffing attacks.
The exploit does exploit a path traversal vulnerability.
This vulnerability can create a file in a telemetry directory, and the content will be executed.
I modified the random file name in case it was specific to the target from which we received this example.
It also scanned for various other perimeter gateways.
The IP appears to be used by a US company but is assigned to a server located in Amsterdam, NL. https://labs.


This Cyber News was published on isc.sans.edu. Publication date: Tue, 16 Apr 2024 21:58:03 +0000


Cyber News related to Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
1 year ago Darkreading.com
A Leader in 2024 Forrester Enterprise Firewall Solutions Wave - Palo Alto Networks has long recognized these challenges, which is why we’ve built a network security platform that not only protects but also fosters business growth and innovation in today’s complex environment. We believe the recognition of ...
8 months ago Paloaltonetworks.com
Palo Alto Networks and Deloitte Expand Strategic Alliance Globally - 1, 2024 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW) and Deloitte today announced an expansion of their strategic alliance into EMEA and JAPAC regions, making Palo Alto Networks® AI-powered cybersecurity solutions and joint offerings available ...
8 months ago Darkreading.com
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
1 year ago Bleepingcomputer.com CVE-2024-3400 CVE-2024-34000
CVE-2022-0018 - An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the ...
3 years ago
Research Shows 163% ROI with Palo Alto Networks Software Firewalls - Good news is here for cloud and network security professionals who need proven, cost-effective solutions that substantially reduce downtime and breaches across a range of cloud and virtualized environments. Palo Alto Networks software firewalls not ...
1 year ago Paloaltonetworks.com
CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit - IBM's surprise departure from cybersecurity software this week didn't just rearrange the competitive landscape - it also reshuffled the procurement plans and vendor relationships for many CISOs rebuilding their SOCs. IBM has agreed to sell the QRadar ...
1 year ago Darkreading.com
How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics - On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. Palo Alto has marked this ...
1 year ago Securityboulevard.com CVE-2024-3400
Patch Now: Palo Alto Flaw Exploited in the Wild - Indeed, researchers observed attackers making exploit attempts by chaining CVE-2025-0108 with two other PAN-OS Web management interface flaws — CVE-2024-9474, a privilege escalation flaw, and CVE-2025-0111, an authenticated file read vulnerability ...
4 months ago Darkreading.com CVE-2025-0108 CVE-2024-9474 CVE-2025-0111
CVE-2022-0019 - An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other ...
3 years ago
CVE-2020-2004 - Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue ...
5 years ago
Palo Alto Networks Recognized as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms - Today, we are pleased to announce that Palo Alto Networks has been named a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms. Before we dive into the significance of this year's Magic Quadrant for EPP, I want to take a ...
1 year ago Paloaltonetworks.com
Unlocking the Economic Benefit of NGFWs - Cyberthreats are increasing in volume and complexity, making it difficult for network defenders to protect their organizations. Threat actors are evolving their tools and techniques, finding new ways to employ artificial intelligence to avoid ...
1 year ago Paloaltonetworks.com
Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA - With NVIDIA accelerated computing and AI software, cybersecurity leaders like Palo Alto Networks can safeguard vast amounts of sensitive information with unprecedented speed and accuracy, ushering in a new era of AI-driven data protection. The ...
8 months ago Paloaltonetworks.com
CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding actively exploiting a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the ...
4 months ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-0012 CVE-2024-9474
CVE-2021-3057 - A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: ...
3 years ago
Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits - Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users' data security. Multiple Vulnerabilities Discovered in LG WebOS Smart TVs. Type of vulnerability: Authorization bypass, ...
1 year ago Esecurityplanet.com CVE-2024-21894 CVE-2024-29990 CVE-2024-3383 CVE-2024-3400
Providing Optimal Cloud Security Outcomes Through StateRAMP - Palo Alto Networks reaches a significant milestone as our commitment to comprehensive security achieves the largest number of StateRAMP marketplace approved cybersecurity offerings. In its commitment to be the state and local government's ...
1 year ago Paloaltonetworks.com
RedTail Malware Abuses Palo Alto Flaw in Latest Cryptomining Campaign - Hackers with possible ties to the notorious North Korea-linked Lazarus Group are exploiting a recent critical vulnerability in Palo Alto Network's PAN-OS software to run a sophisticated cryptomining operation that likely has nation-state backing. In ...
1 year ago Securityboulevard.com CVE-2024-3400 CVE-2023-46805 CVE-2024-21887 Andariel Lazarus Group
Investing in Cloud Infrastructure in the Kingdom of Saudi Arabia - Digital transformation is at the heart of the Kingdom of Saudi Arabia's ambitious Vision 2030 program as the nation looks to future-proof its economy and enhance people's lives. The Kingdom is looking to diversify its economy and develop public ...
1 year ago Paloaltonetworks.com
Palo Alto Networks Completes Acquisition of Talon - Palo Alto Networks announced today that it has completed the acquisition of Talon Cyber Security, an Israeli startup selling a secure browser technology to enterprise customers. Palo Alto first announced plans to buy Talon in November 2023 in a deal ...
1 year ago Securityweek.com
SentinelOne vs Palo Alto Cortex XDR: Which Tool is Best? - SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide if either one of the company's tools is right for you. SentinelOne's Singularity platform offers four subscription tiers that include their ...
1 year ago Techrepublic.com
Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400 - The Palo Alto Networks vulnerability has been analyzed in depth by various sources and exploits. We have gotten several reports of exploits being attempted against GlobalProtect installs. We see scans for the GlobalProtect login page, but these scans ...
1 year ago Isc.sans.edu
CVE-2025-0133 - A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's ...
1 month ago
See How Our Cloud-Delivered Security Services Provide 357% ROI - Investing in Palo Alto Networks Cloud-Delivered Security Services provided a 357% return on investment and net present value of $10.04 million over 3 years, along with a 6-month payback period, according to a recently released Forrester Consulting ...
1 year ago Paloaltonetworks.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)