Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

26-Apr-24

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation.


The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in multiple versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x.


There is evidence to suggest that the issue has been exploited as a zero-day since at least March 26, 2024, by a threat cluster tracked as UTA0218.


The activity, codenamed Operation MidnightEclipse, entails the use of the flaw to drop a Python-based backdoor called UPSTYLE that’s capable of executing commands transmitted via specially crafted requests.


Palo Alto Networks, on April 29, 2024, updated its advisory for CVE-2024-3400 to note that it’s “aware of proof-of-concept by third parties of post-exploit persistence techniques that survive resets and upgrades.”


“These techniques work on a device that is already compromised with interactive root level command execution,” it added. “Fixes and Threat Prevention signatures completely prevent remote command execution and hence stop any subsequent post-exploitation or persistence techniques.”
