April 26, 2024 at 07:00AM
Palo Alto Networks has issued guidance for mitigating a critical security flaw in PAN-OS, identified as CVE-2024-3400, which allows unauthenticated remote command execution. The flaw has been actively exploited as a zero-day by a potentially state-backed hacking group. Remediation advice varies depending on the level of compromise, including updating to the latest hotfix and performing data resets.
Key takeaways from the Newsroom article (Network Security / Zero Day):
Palo Alto Networks has provided remediation guidance for a critical security flaw (CVE-2024-3400) impacting PAN-OS, which has been actively exploited by a threat cluster tracked as UTA0218.
The vulnerability allows for unauthenticated remote command execution, and evidence suggests it has been exploited since at least March 26, 2024.
The exploitation campaign, codenamed Operation MidnightEclipse, involves dropping a Python-based backdoor called UPSTYLE that executes commands delivered via specially crafted requests.
Remediation advice depends on the extent of compromise: for unsuccessful exploitation attempts, updating to the latest hotfix is sufficient; where there is evidence of interactive command execution, a factory reset is recommended.
Performing a private data reset is recommended to eliminate the risk of potential misuse of device data.
The threat actor behind the exploitation is suspected to be state-backed, given the observed tradecraft and victimology.