Palo Alto Networks Warns of Critical Zero-Day Vulnerability in PAN-OS
Palo Alto Networks has warned of a critical zero-day vulnerability (CVE-2024-3400) in its PAN-OS software; the exploitation campaign has been dubbed Operation MidnightEclipse. The vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. The company advises customers to apply the hotfixes and enable the specific threat prevention measures it recommends to address the issue.
The vulnerability enables post-exploitation activity, including the deployment of a Python-based backdoor named UPSTYLE via a cron job. Palo Alto Networks has published an advisory detailing the backdoor's behavior, its persistence mechanism, and its cleanup routines. The company also provides Unit 42 Managed Threat Hunting XQL queries to help customers identify signs of exploitation in their logs.
The vulnerability affects firewalls running PAN-OS 10.2, 11.0, and 11.1 with specific features enabled. Security expert Erich Kron warns that organizations running vulnerable PAN-OS versions should take immediate action to mitigate the threat. Palo Alto Networks has observed targeted attacks exploiting this flaw; a single threat actor has been identified so far, but other actors may begin exploiting the vulnerability as well.
The threat actor exploiting the zero-day vulnerability has not been publicly identified. Palo Alto Networks urges customers to apply the hotfixes and enable threat prevention measures to protect against Operation MidnightEclipse. Collaboration in cybersecurity, as demonstrated by Volexity's discovery of the vulnerability, is crucial in combating emerging threats.