InfoSecBulletin Cybersecurity for mankind
A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software. It is being used by attackers, but there are no patches to fix it yet. Palo Alto Networks issued an alert on April 12, 2024, thanking cybersecurity firm Volexity for discovering the flaw.
There is a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software for certain versions. The zero-day vulnerability is identified as CVE-2024-3400 and has been given the highest severity score of 10.0 (CVSS).
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
“Distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto said in the advisory.
Limited Active Exploitation:
The versions concerned are the following:
PAN-OS < 11.1.2-h3
PAN-OS < 11.0.4-h1
PAN-OS < 10.2.9-h1
The company also said that the vulnerability can only be exploited with firewalls that have the configurations for both GlobalProtect gateway (Network > GlobalProtect > Gateways) and device telemetry (Device > Setup > Telemetry) enabled.
The firm has confirmed a limited number of attacks using this vulnerability.
Upcoming Fixes for CVE-2024-3400:
Although there are no fixes available, Palo Alto issued some mitigation recommendations:
Apply a vulnerability protection security profile to the GlobalProtect interface to prevent exploitation
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187
The firm announced the flaw will be fixed on April 14 during a series of hotfixes for PAN-OS versions 11.1.2-h3, 11.0.4-h1, and 10.2.9-h1.
CVE 2024-3385, Another (Fixed) Flaw in PAN-OS:
This advisory comes two days after another vulnerability was discovered in PAN-OS. This flaw allows a remote attacker to reboot firewalls and can cause a denial of service (DoS) attack. This issue was fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.
