PAN-OS Zero-day Under Active Attack

In a recent security alert, Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400.

This zero-day flaw, found in the GlobalProtect Gateway, is currently under active exploitation by attackers.

The vulnerability is classified under CWE-77, indicating an improper neutralization of special elements used in a command (‘Command Injection’).

The Volexity team discovered the zero-day vulnerability in Palo Alto Networks' PAN-OS GlobalProtect feature while investigating its exploitation at one of Volexity's network security monitoring customers.

CVE-2024-3400 allows attackers to execute arbitrary OS commands on the affected systems without proper authentication.

This severe security flaw poses a significant risk, as it could enable unauthorized individuals to gain control over the impacted devices, potentially leading to data theft, system compromise, and disruption of operations.
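The CWE-77 pattern the article names is easiest to see in code. The following is an added illustration, not Palo Alto Networks code and not the CVE-2024-3400 exploit path: a hypothetical "ping a host" handler whose `hostname` and `count` request parameters are assumed for the example. The vulnerable builder splices untrusted input into a shell command line; the hardened builder validates the input against an allowlist and returns an argument vector that is never interpreted by a shell.

```python
"""CWE-77 (OS command injection) shown side by side with one mitigation.

Added example. The handler, its parameters and the allowlist are
assumptions for illustration; nothing here is PAN-OS code.
"""
import re
import shlex

# Strict allowlist for a DNS-style hostname: letters, digits, dots, hyphens.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Characters that let a value break out of one shell command into another.
_SHELL_META = ";|&$`\n<>()"


def build_ping_vulnerable(hostname: str, count: str = "3") -> str:
    """Return the command line a vulnerable handler would pass to shell=True.

    Untrusted input is concatenated into the string unchanged, so a value
    such as "1.1.1.1; id" turns one command into two once a shell parses it.
    The string is returned rather than executed so the defect is visible.
    """
    return f"ping -c {count} {hostname}"


def validate_ping_request(hostname: str, count: str) -> tuple[bool, str]:
    """Allowlist validation: (True, '') when safe, else (False, reason)."""
    if not _HOST_RE.fullmatch(hostname):
        return False, "hostname contains disallowed characters"
    if not count.isdigit() or not 1 <= int(count) <= 10:
        return False, "count must be an integer between 1 and 10"
    return True, ""


def build_ping_hardened(hostname: str, count: str = "3") -> list[str]:
    """Return an argv list for subprocess.run(..., shell=False).

    Validation rejects metacharacters outright, and the argv form means the
    remaining values are passed to ping as single arguments, never parsed
    by a shell.
    """
    ok, reason = validate_ping_request(hostname, count)
    if not ok:
        raise ValueError(reason)
    return ["ping", "-c", str(int(count)), hostname]


def contains_shell_metacharacters(value: str) -> bool:
    """Detection-side helper: flag a request parameter carrying shell
    metacharacters, useful when reviewing gateway or web request logs."""
    return any(ch in value for ch in _SHELL_META)


def render_for_log(argv: list[str]) -> str:
    """Render an argv safely quoted for logging (shlex.join, Python 3.8+)."""
    return shlex.join(argv)


if __name__ == "__main__":
    bad = "1.1.1.1; id"  # constructed malicious input
    print("vulnerable builds:", build_ping_vulnerable(bad))
    print("hardened accepts example.com:", render_for_log(build_ping_hardened("example.com")))
    print("hardened rejects bad input:", validate_ping_request(bad, "3"))
```

The hardened version relies on two independent layers: the allowlist stops the metacharacters, and the argv form stops a shell from ever seeing the value. Either alone is weaker than both together.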

Palo Alto Networks has acknowledged a limited number of attacks that have successfully exploited this vulnerability. The company is actively working on releasing hotfixes to address the issue across various versions of PAN-OS.

Researchers from Volexity discovered that an attacker, identified as UTA0218, tried to install a custom Python backdoor on the firewall.

The backdoor, dubbed UPSTYLE, enabled the attacker to run additional commands on the device through specific network requests. This report provides more information about the UPSTYLE backdoor.

Affected Versions and Hotfix Release Schedule

The following table outlines the affected versions of PAN-OS and the estimated arrival dates for the corresponding hotfix releases:

| PAN-OS Version | Vulnerable | Hotfix Release ETA |
|---|---|---|
| 10.2.9 | Yes | 04/14/2024 (10.2.9-h1) |
| 11.0.4 | Yes | 04/14/2024 (11.0.4-h1) |
| 11.1.2 | Yes | 04/14/2024 (11.1.2-h3) |

Palo Alto Networks has assured its customers that all subsequent versions of PAN-OS following these hotfix releases will include the necessary patches to mitigate the vulnerability.
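A practitioner triaging a firewall inventory will want to check version strings against the hotfix table. The following is an added example, not a Palo Alto Networks tool: it encodes only the three rows the article lists and reports "unknown" for any other base version rather than guessing. It assumes version strings follow the `major.minor.patch[-hN]` form shown in the table, and that a hotfix number at or above the one listed carries the fix.

```python
"""Triage PAN-OS version strings against the CVE-2024-3400 hotfix table.

Added example. FIXED_HOTFIX holds only the rows from the article's table;
the sample inventory below is constructed for illustration.
"""
import re

# base version -> first hotfix level that carries the fix (from the table)
FIXED_HOTFIX = {"10.2.9": 1, "11.0.4": 1, "11.1.2": 3}

# Assumed format: "10.2.9" or "10.2.9-h1"
_VER_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> tuple[str, int]:
    """Split "11.1.2-h3" into ("11.1.2", 3); a missing suffix is hotfix 0."""
    m = _VER_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    return m.group(1), int(m.group(2) or 0)


def assess(version: str) -> str:
    """Return "vulnerable", "fixed" or "unknown" for one version string."""
    base, hotfix = parse_panos_version(version)
    if base not in FIXED_HOTFIX:
        return "unknown"  # not in the article's table; do not guess
    return "fixed" if hotfix >= FIXED_HOTFIX[base] else "vulnerable"


def triage_inventory(inventory: list[tuple[str, str]]) -> dict[str, str]:
    """Map device name -> assessment for (name, version) pairs."""
    return {name: assess(version) for name, version in inventory}


# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "10.2.9"),
    ("fw-edge-02", "10.2.9-h1"),
    ("fw-dc-01", "11.1.2-h2"),
    ("fw-lab-01", "9.1.0"),
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as "unknown" still need a manual check against the vendor advisory; the script only distinguishes the versions the article actually lists.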

Recommendations for PAN-OS Users

In light of this critical vulnerability, Palo Alto Networks urges all users of the affected PAN-OS versions to prepare for the upcoming hotfixes. Organizations should plan to apply these updates as soon as they become available to protect their networks from potential attacks.

Additionally, users are advised to monitor their systems for any signs of compromise and implement best cybersecurity hygiene practices. This includes regular system updates, the use of strong, unique passwords, and the implementation of multi-factor authentication where possible.

Palo Alto Networks has recently disclosed four high-severity vulnerabilities, CVE-2024-3382, CVE-2024-3383, and CVE-2024-3384, in its firewall products.

Make sure to stay tuned for further updates on this developing story, and ensure that your systems are promptly updated to safeguard against this significant security threat.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.