A critical zero-day vulnerability affecting Palo Alto Networks’ PAN-OS firewalls has been actively exploited since March 26th, leading the company to release hotfixes to address the issue. The vulnerability, known as CVE-2024-3400, impacts PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with specific features enabled.

Threat actors can exploit the flaw remotely to execute code as root without any user interaction, posing a significant risk to affected devices. Palo Alto Networks has already issued hotfixes in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3, with more updates planned for later versions.
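As an added example (not Palo Alto Networks' own tooling), the helper below compares a PAN-OS version string against the three hotfix versions named above, treating a `-hN` hotfix suffix as a fourth version component; it assumes only the hotfixes listed in this article and does not check whether the affected features are enabled.

```python
"""Compare a PAN-OS version string against the CVE-2024-3400 hotfixes named in the article.

Added example, not from Palo Alto Networks. It encodes only the three hotfix
versions listed in the text (10.2.9-h1, 11.0.4-h1, 11.1.2-h3); the additional
releases the article says are still planned are unknown to this script, and the
feature-enabled precondition is not evaluated here.
"""
import re
from typing import Tuple

# Fixed version per affected release train, as listed in the article.
FIXED_VERSIONS = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

# PAN-OS versions look like "11.1.2" or "11.1.2-h3" (hotfix suffix optional).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-hN]' into a comparable tuple; no hotfix means 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def assess(version: str) -> str:
    """Return 'not-listed', 'unpatched' or 'patched' relative to the article's hotfixes."""
    v = parse_panos_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "not-listed"  # release train not among those the article names as impacted
    # Tuple comparison orders 10.2.9 (hotfix 0) below 10.2.9-h1 (hotfix 1).
    return "patched" if v >= parse_panos_version(fixed) else "unpatched"


if __name__ == "__main__":
    # Constructed sample inputs, not real device inventory.
    for sample in ("10.2.8", "10.2.9-h1", "11.0.4", "11.1.2-h3", "10.1.9"):
        print(f"{sample:>10}: {assess(sample)}")
```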

Security firm Volexity confirmed active exploitation of the vulnerability, attributing it to state-sponsored threat actors who used the Upstyle malware to backdoor PAN-OS devices, move into networks, and steal data. The activity, tracked as UTA0218, underscores the importance of applying the available mitigations to vulnerable devices.

In response to the threat, Palo Alto Networks advises admins to disable the affected features or apply threat prevention-based mitigations to safeguard their systems. The Cybersecurity and Infrastructure Security Agency (CISA) has also included CVE-2024-3400 in its Known Exploited Vulnerabilities catalog, urging federal agencies to take swift action to secure their devices.

About the Author

Fabio, Full Stack Developer

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.
