
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation.

The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to gain unauthenticated remote shell command execution on susceptible devices. It has been addressed in several versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x.

There is evidence to suggest that the issue has been exploited as a zero-day since at least March 26, 2024, by a threat cluster tracked as UTA0218.

The activity, codenamed Operation MidnightEclipse, involves the use of the flaw to drop a Python-based backdoor called UPSTYLE that is capable of executing commands transmitted via specially crafted requests.


The intrusions have not been linked to a known threat actor or group, but the tradecraft and the victimology observed suggest a state-backed hacking crew.

The latest remediation advice provided by Palo Alto Networks is based on the level of compromise:

  • Level 0 Probe: Unsuccessful exploitation attempt – Update to the latest provided hotfix
  • Level 1 Test: Evidence of the vulnerability being tested on the device, including the creation of an empty file on the firewall but no execution of unauthorized commands – Update to the latest provided hotfix
  • Level 2 Potential Exfiltration: Indications that files like "running_config.xml" were copied to a location that is accessible via web requests – Update to the latest provided hotfix and perform a Private Data Reset
  • Level 3 Interactive access: Evidence of interactive command execution, such as the introduction of backdoors and other malicious code – Update to the latest provided hotfix and perform a Factory Reset

"Performing a private data reset eliminates risks of potential misuse of device data," Palo Alto Networks said. "A factory reset is recommended due to evidence of more invasive threat actor activity."
