Critical Zero-Day Flaw in Palo Alto Firewalls Exposed by Operation MidnightEclipse
April 13, 2024

Palo Alto Networks has reported a critical zero-day vulnerability, CVE-2024-3400, in its firewall products, allowing root-level remote code execution.
The security flaw impacts PAN-OS versions 10.2, 11.0, and 11.1 with GlobalProtect gateway and device telemetry features activated.
Volexity, a cybersecurity firm, identified the exploitation of this vulnerability in Operation MidnightEclipse, which is linked to the threat actor UTA0218.
Attackers have managed to install a Python backdoor on compromised devices, enabling the theft of sensitive credentials and files.
Palo Alto Networks recommends applying GlobalProtect-specific vulnerability protection or disabling device telemetry as temporary measures until fixed firmware is available.
The company is set to release updated firmware to address the issue on April 14, and suggests customers use Threat ID 95187 and a security profile as interim protections.
Germany's Federal Office for Information Security (BSI) has issued an alert, advising organizations to quickly implement the recommended mitigations and review their devices for signs of compromise.
The urgency of this matter is heightened by recent similar security breaches attributed to Chinese hackers, with this incident deemed more critical than past occurrences.
Summary based on 10 sources
Sources
Ars Technica • Apr 12, 2024
“Highly capable” hackers root corporate networks by exploiting firewall 0-day

BleepingComputer • Apr 12, 2024
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks

The Register • Apr 12, 2024
Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways

The Hacker News • Apr 12, 2024
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack