April 15, 2024 at 03:50PM
Palo Alto Networks released hotfixes to address a zero-day bug (CVE-2024-3400) in PAN-OS software that threat actors are exploiting to deploy a Python backdoor on affected firewalls. Exploitation observed so far has been limited, but wider exploitation is expected now that the flaw is public. The US CISA has added it to its Known Exploited Vulnerabilities catalog, and security researchers warn of the actor's demonstrated capability and of the full device control a successful exploit provides.
Key takeaways from the meeting notes:
1. Palo Alto Networks (PAN) released hotfixes on April 14 to address a zero-day bug (CVE-2024-3400) in multiple versions of its PAN-OS software that a threat actor is exploiting to deploy a Python backdoor on affected firewalls.
2. The flaw affects PAN-OS 10.2, 11.0, and 11.1 firewalls with a GlobalProtect gateway configured; the initial advisory also required the device telemetry feature to be enabled.
3. Attacks targeting the flaw have so far been limited in volume and attributed to a single activity cluster (the campaign is tracked as Operation MidnightEclipse), but exploitation by other attackers has not been ruled out.
4. Hotfix releases are available for the affected software versions. Disabling device telemetry was initially recommended as a temporary mitigation for firewalls that cannot be patched right away.
5. The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-3400 to its Known Exploited Vulnerabilities catalog and requires federal civilian executive branch agencies to remediate the flaw by April 19.
6. Volexity, which discovered the in-the-wild exploitation, describes the flaw as a command injection in the GlobalProtect feature of PAN-OS that lets an unauthenticated remote attacker execute arbitrary code with root privileges on the firewall.
7. PAN's original guidance for organizations unable to update immediately was to disable device telemetry until they can upgrade, then re-enable it afterwards. Caveat: the vendor subsequently revised its advisory to say that device telemetry does not need to be enabled for a firewall to be exposed and that disabling it is not an effective mitigation, so the hotfix is the only reliable fix and exposed firewalls should be checked for compromise, not just patched.
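The takeaways above boil down to a triage question for an inventory of firewalls: which release train is each box on, is it below the first fixed build for that train, and is GlobalProtect in use. The following is an added example (not Palo Alto Networks or Volexity code) that encodes that check. It assumes the affected trains named on the page (10.2, 11.0, 11.1) and takes the first fixed build per train from the vendor's April 14 hotfix list (10.2.9-h1, 11.0.4-h1, 11.1.2-h3); those values, the `Firewall` record, and the sample inventory are assumptions constructed for the example, and the vendor later published hotfixes for older maintenance releases too, so the table should be extended from the current advisory before the result is relied on. Device telemetry state is recorded but deliberately not used to downgrade a verdict.

```python
"""Exposure triage for CVE-2024-3400 across a firewall inventory.

Added example, not vendor code. Assumptions (verify against the current
Palo Alto Networks advisory):
  * affected release trains are PAN-OS 10.2, 11.0 and 11.1;
  * FIXED_BUILDS holds the first fixed build per train as published on
    April 14, 2024. Later hotfixes for older maintenance releases exist,
    so extend the table before relying on a "vulnerable" verdict.
"""
import re
from dataclasses import dataclass

# First fixed build per affected train, as (major, minor, patch, hotfix).
# Assumed values; verify against the advisory.
FIXED_BUILDS = {
    (10, 2): (10, 2, 9, 1),   # 10.2.9-h1
    (11, 0): (11, 0, 4, 1),   # 11.0.4-h1
    (11, 1): (11, 1, 2, 3),   # 11.1.2-h3
}

# PAN-OS versions look like "11.1.2" or "11.1.2-h3" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Turn '11.1.2-h3' into a comparable tuple (11, 1, 2, 3); no hotfix -> 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


@dataclass
class Firewall:                    # hypothetical inventory record
    name: str
    version: str
    globalprotect_gateway: bool    # a GlobalProtect gateway (or portal) is configured
    device_telemetry: bool         # reporting only; not used to lower a verdict


def assess(fw):
    """Classify one firewall as one of:
    'unparseable', 'not-in-scope', 'patched', 'vulnerable', 'vulnerable-no-gp'.
    Telemetry state is ignored on purpose: it was withdrawn as a mitigation.
    """
    try:
        version = parse_panos_version(fw.version)
    except ValueError:
        return "unparseable"           # fix the inventory, then re-run
    train = version[:2]
    if train not in FIXED_BUILDS:
        return "not-in-scope"          # train not listed as affected
    if version >= FIXED_BUILDS[train]:
        return "patched"
    if not fw.globalprotect_gateway:
        return "vulnerable-no-gp"      # vulnerable code present; patch anyway
    return "vulnerable"                # exposed: patch and hunt for compromise


def triage(inventory):
    """Map each firewall name to its verdict, most urgent first."""
    order = {"vulnerable": 0, "vulnerable-no-gp": 1, "unparseable": 2,
             "not-in-scope": 3, "patched": 4}
    verdicts = {fw.name: assess(fw) for fw in inventory}
    return dict(sorted(verdicts.items(), key=lambda kv: order[kv[1]]))


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    Firewall("fw-dc1",  "11.1.2-h3", True,  True),   # hotfixed
    Firewall("fw-dc2",  "11.1.2",    True,  True),   # one hotfix short
    Firewall("fw-edge", "10.2.7",    True,  False),  # below 10.2.9-h1, telemetry off
    Firewall("fw-lab",  "10.2.9",    False, True),   # vulnerable build, no GlobalProtect
    Firewall("fw-old",  "10.1.11",   True,  True),   # 10.1 train not listed as affected
    Firewall("fw-bad",  "11.1.x",    True,  True),   # malformed version string
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name:8} {verdict}")
```

Note that `fw-edge` is reported as vulnerable even though telemetry is off, which matches the revised vendor position rather than the original "both features enabled" wording; if you want the original precondition, add a telemetry check in `assess`, but do not use it to skip patching.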
Please let me know if you need more information or further details.