April 23, 2024 at 06:57AM
A recently disclosed Palo Alto Networks firewall vulnerability (CVE-2024-3400) has been exploited for at least a month, impacting Siemens’ Ruggedcom APE1808 devices. Siemens is preparing updates and providing workarounds. The vulnerability has been exploited in the wild, and there are concerns about state-sponsored threat actors. The Shadowserver Foundation has identified around 6,000 vulnerable devices.
The key takeaways are as follows:
1. Siemens’ Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual NGFW are susceptible to the recently disclosed CVE-2024-3400 vulnerability, which has been exploited in attacks for at least a month.
2. Siemens is preparing updates for the affected product and has provided workarounds and mitigations in the meantime.
3. The vulnerability, CVE-2024-3400, allows an unauthenticated attacker to execute arbitrary commands with elevated privileges on the affected firewall.
4. The Shadowserver Foundation has tracked roughly 6,000 internet-exposed devices vulnerable to attacks exploiting CVE-2024-3400.
5. Exploitation of the vulnerability surged after proof-of-concept (PoC) code was made public, with state-sponsored threat actors believed to be the first to exploit the zero-day.
6. Cybersecurity firm Volexity has observed attacks using the vulnerability as early as March 26, involving the exfiltration of data and, in some cases, the deployment of a backdoor.
Additional related articles include the patching of a zero-day vulnerability in CrushFTP and the exploitation of a recent vulnerability in Fortinet FortiClient EMS.
These takeaways summarize the recent developments, particularly the impact of CVE-2024-3400 on Siemens’ Ruggedcom APE1808 devices and the broader implications for Palo Alto Networks firewalls.