InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on the firewall.
Fixes for the shortcoming are available in the following versions –
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks
PAN-OS 10.2.9-h1
PAN-OS 11.0.4-h1, and
PAN-OS 11.1.2-h3
“This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled,” the company clarified in its updated advisory.
Cloud NGFW firewalls are not impacted by CVE-2024-3400. However, specific PAN-OS versions and feature configurations of firewall VMs managed by customers in the cloud are affected.
Palo Alto Networks Unit 42 is tracking the malicious activity under the name Operation MidnightEclipse.
Volexity attributed the activity to a group called UTA0218, and stated that CVE-2024-3400 has been used since at least March 26, 2024, to deploy a Python-based backdoor named UPSTYLE on the firewall, enabling the execution of commands through specially crafted requests.
