InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on the firewall.
Fixes for the shortcoming are available in the following versions –
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
PAN-OS 10.2.9-h1
PAN-OS 11.0.4-h1, and
PAN-OS 11.1.2-h3
“This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled,” the company clarified in its updated advisory.
Cloud NGFW firewalls are not impacted by CVE-2024-3400. However, specific PAN-OS versions and feature configurations of firewall VMs managed by customers in the cloud are affected.
Palo Alto Networks Unit 42 is tracking the malicious activity under the name Operation MidnightEclipse.
Volexity attributed the activity to a group called UTA0218, and stated that CVE-2024-3400 has been used since at least March 26, 2024, to deploy a Python-based backdoor named UPSTYLE on the firewall, enabling the execution of commands through specially crafted requests.
