Zero-day exploited right now in Palo Alto Networks’ GlobalProtect gateways


April 12, 2024 at 06:52PM

Palo Alto Networks has issued a critical alert for a command-injection flaw in its PAN-OS software (tracked as CVE-2024-3400) that affects its firewall and VPN products. The flaw carries the maximum CVSS severity score and allows unauthenticated remote code execution. Fixed releases are due by April 14. Exploitation in the wild has already been observed, and Palo Alto has published interim mitigations for customers while the hotfixes are prepared.

According to the advisory, the command-injection vulnerability in PAN-OS is rated CVSS 10.0 out of 10. An unauthenticated attacker can use it to run arbitrary code with root privileges on an affected GlobalProtect gateway, which amounts to complete control of the appliance and a foothold on the networks behind it.

The affected configurations are PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with a GlobalProtect gateway configured and, per the original advisory, device telemetry enabled. Cloud NGFW, Panorama appliances, and Prisma Access are not affected.

Palo Alto Networks' Unit 42 tracks the exploitation activity as Operation MidnightEclipse and says permanent fixes are in progress. The published mitigations are to apply the GlobalProtect-specific vulnerability-protection signature from Threat Prevention (for customers with that subscription) and to temporarily disable device telemetry until the affected devices can be upgraded to a fixed PAN-OS version. Note that Palo Alto has since revised the advisory: telemetry does not need to be enabled for the attack to succeed, so disabling it is not an effective mitigation, and the upgrade should be treated as the only real fix.

Customers are advised to apply the mitigations now and the hotfixes as soon as they ship. The security firm Volexity, which discovered the issue, reports that it has observed zero-day exploitation of this vulnerability by a single threat actor it tracks as UTA0218, so exposed devices should also be checked for signs of compromise, not just patched.
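Deciding which appliances actually need emergency attention means comparing each device's PAN-OS build, hotfix suffix included, against the affected release trains above and checking whether a GlobalProtect gateway is configured. The following is an added triage helper, not tooling from Palo Alto Networks or from the article. It parses the `sw-version` field from PAN-OS `show system info` output (the sample output below is constructed) and orders builds correctly so that `10.2.9` sorts below `10.2.9-h1`. The fixed-build table is the set of hotfix versions Palo Alto published for this advisory; treat it as an assumption and verify it against the current advisory before relying on it. Telemetry state is deliberately not used to downgrade the verdict, since the vendor later withdrew that precondition.

```python
"""Triage PAN-OS devices against the GlobalProtect command-injection advisory.

Added example, not Palo Alto Networks' own tooling. Parses the sw-version
line from `show system info` output and decides whether the device is on an
affected release train below the vendor's hotfix.
"""
import re
from dataclasses import dataclass

# Affected release trains -> first fixed build. Values are the hotfix versions
# the vendor published for this advisory (assumption: verify against the
# current advisory before use).
FIXED_BUILDS = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

# Constructed sample of `show system info` output, not captured from a real box.
SAMPLE_SYSTEM_INFO = """\
hostname: fw-edge-01
ip-address: 192.0.2.10
model: PA-440
serial: 000000000000
sw-version: 10.2.8-h3
app-version: 8815-8685
global-protect-client-package-version: 6.2.1
"""


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Turn '10.2.9-h1' into (major, minor, maint, hotfix) for tuple comparison.

    A plain '10.2.9' has hotfix 0, so it sorts below '10.2.9-h1'.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def sw_version_from_system_info(output: str) -> str:
    """Extract the sw-version field from `show system info` CLI output."""
    m = re.search(r"^\s*sw-version:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no sw-version line in show system info output")
    return m.group(1)


@dataclass
class Verdict:
    version: str
    affected_train: bool   # 10.2 / 11.0 / 11.1
    below_fix: bool        # build is older than the published hotfix
    gp_gateway_enabled: bool
    action: str


def triage(system_info: str, gp_gateway_enabled: bool) -> Verdict:
    """Classify one device. gp_gateway_enabled comes from the device config."""
    version = sw_version_from_system_info(system_info)
    v = parse_version(version)
    train = v[:2]
    affected_train = train in FIXED_BUILDS
    below_fix = affected_train and v < parse_version(FIXED_BUILDS[train])

    if not affected_train:
        action = "not an affected release train; no action for this advisory"
    elif not below_fix:
        action = "already on or above the fixed build"
    elif gp_gateway_enabled:
        action = ("VULNERABLE: GlobalProtect gateway on an unfixed build; "
                  "upgrade now, apply the GlobalProtect vulnerability-protection "
                  "signature meanwhile, and hunt for signs of compromise")
    else:
        action = ("unfixed build but no GlobalProtect gateway configured; "
                  "schedule the upgrade and re-check if a gateway is added")
    return Verdict(version, affected_train, below_fix, gp_gateway_enabled, action)


if __name__ == "__main__":
    print(triage(SAMPLE_SYSTEM_INFO, gp_gateway_enabled=True))
```

Feed it the text of `show system info` from each firewall (via SSH or the XML API operational command) and the gateway flag from your config inventory; the version comparison is the part people usually get wrong by hand, because a string compare puts `10.2.10` below `10.2.9-h1`.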

Palo Alto Networks says customer security is its top priority and that it is working on permanent fixes and notifying affected customers directly.
