April 15, 2024 at 09:04AM
Palo Alto Networks is addressing a zero-day vulnerability that has been exploited since March 26th to backdoor PAN-OS firewalls. The flaw affects PAN-OS 10.2, 11.0 and 11.1 firewalls running GlobalProtect and can be exploited remotely, without authentication, to gain root code execution. Hotfixes have been released, and additional mitigations are available for devices that cannot be patched immediately. The active exploitation has been confirmed by security firm Volexity.
Key Takeaways:
– Palo Alto Networks has released hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls.
– The maximum-severity security flaw (CVSS 10.0), tracked as CVE-2024-3400, affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and a GlobalProtect gateway or portal enabled. Earlier PAN-OS releases (10.1, 10.0, 9.x) are not affected.
– Unauthenticated threat actors can exploit this vulnerability remotely to gain root code execution via command injection in low-complexity attacks that don’t require user interaction.
– Cloud NGFW, Panorama appliances, and Prisma Access are not exposed to attacks via this vulnerability.
– Admins awaiting a hotfix were advised to disable the device telemetry feature on vulnerable devices until a patch is deployed; note that Palo Alto Networks later revised its advisory to say telemetry does not need to be enabled for exploitation, so disabling it is not an effective mitigation on its own. Those with an active ‘Threat Prevention’ subscription can mitigate ongoing attacks by enabling ‘Threat ID 95187’ (and later 95189 and 95191) and applying vulnerability protection to their GlobalProtect interfaces.
– Security firm Volexity confirmed Palo Alto Networks’ warning of active exploitation and believes state-sponsored threat actors are behind these ongoing attacks.
– Threat researcher Yutaka Sejiyama found that over 82,000 PAN-OS devices are exposed online and potentially vulnerable to CVE-2024-3400 attacks, with roughly 40% of them located in the United States.
– CISA has added CVE-2024-3400 to its Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to secure their devices by April 19th, either by applying the hotfix or by putting the vendor’s threat-mitigation rules in place.
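The affected-version and mitigation bullets above are the kind of thing a fleet owner wants to turn into a repeatable check. The following Python is an added example written for this page, not Palo Alto Networks’ code or tooling: it parses PAN-OS version strings (the `major.minor.patch-hN` hotfix format), decides whether a device sits in an affected train below the fixed level, and triages a constructed inventory. The hotfix levels it assumes (10.2.9-h1, 11.0.4-h1, 11.1.2-h3) are the initial fixes the vendor shipped and must be checked against the current advisory, which has since added hotfixes for other maintenance releases; telemetry state is deliberately not used to exclude devices, because the vendor later removed that condition from the advisory.

```python
import re
from typing import Dict, List, Tuple

# Affected PAN-OS release trains named in the summary above. The first fixed
# hotfix per train is an ASSUMPTION of this example (the initial hotfixes
# released for CVE-2024-3400); re-check the vendor advisory before relying on it.
FIXED_VERSIONS: Dict[Tuple[int, int], str] = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

THREAT_ID = "95187"  # Threat Prevention signature named in the summary above

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-hN]' into a comparable tuple.

    A base release (no '-h' suffix) is treated as hotfix 0, so '10.2.9'
    sorts below '10.2.9-h1' of the same patch level.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_vulnerable(version: str, globalprotect_enabled: bool) -> bool:
    """True if the device is in an affected train, below the fixed hotfix,
    and exposes GlobalProtect (the service the bug is reachable through)."""
    v = parse_panos_version(version)
    train = (v[0], v[1])
    if train not in FIXED_VERSIONS:
        return False  # e.g. 10.1 or 9.1: not an affected release train
    if not globalprotect_enabled:
        return False  # no GlobalProtect portal/gateway, nothing to reach
    return v < parse_panos_version(FIXED_VERSIONS[train])


def triage(inventory: List[dict]) -> List[Tuple[str, str, str]]:
    """Return (hostname, version, recommended action) for devices needing work.

    Devices with a Threat Prevention subscription also get the interim
    signature-based mitigation listed as a stopgap until the upgrade lands.
    """
    findings = []
    for host in inventory:
        if not is_vulnerable(host["version"], host["globalprotect"]):
            continue
        train = parse_panos_version(host["version"])[:2]
        action = f"upgrade to {FIXED_VERSIONS[train]}"
        if host.get("threat_prevention"):
            action += f" (interim: enable Threat ID {THREAT_ID})"
        findings.append((host["name"], host["version"], action))
    return findings


# Constructed sample inventory for demonstration; these are not real devices.
SAMPLE_INVENTORY = [
    {"name": "fw-edge-1", "version": "11.1.2-h2", "globalprotect": True,  "threat_prevention": True},
    {"name": "fw-edge-2", "version": "11.1.2-h3", "globalprotect": True,  "threat_prevention": True},
    {"name": "fw-lab",    "version": "10.2.9",    "globalprotect": True,  "threat_prevention": False},
    {"name": "fw-dc",     "version": "10.1.11",   "globalprotect": True,  "threat_prevention": True},
    {"name": "fw-mgmt",   "version": "11.0.3",    "globalprotect": False, "threat_prevention": True},
]

if __name__ == "__main__":
    for name, version, action in triage(SAMPLE_INVENTORY):
        print(f"{name:<10} {version:<10} {action}")
```

Feed it the output of your own inventory source (Panorama export, `show system info`, or a CMDB pull) as a list of dicts with the same keys. The `globalprotect` flag is the important one to get right: a firewall in an affected train that never exposes a GlobalProtect portal or gateway is not reachable through this bug, while one that does needs the hotfix regardless of its telemetry setting.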