Tag

Pan Os

All articles tagged with #pan os

cybersecurity1 year ago•2 min saved

Critical Palo Alto Firewall Vulnerabilities Actively Exploited

Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall management interface, which is being actively exploited to deploy web shells for persistent remote access. The flaw, with a CVSS score of 9.3, allows unauthenticated remote command execution and requires no user interaction. While patches are not yet available, users are urged to secure their management interfaces. The vulnerability is distinct from other recent critical flaws in Palo Alto Networks products, and there is no evidence linking the activities.

via The Hacker News|

#cybersecurity #network-security #palo-alto-networks

cybersecurity1 year ago•1 min saved

"Palo Alto Networks Issues Urgent Fixes for Exploited Zero-Day Vulnerabilities"

Palo Alto Networks has released urgent hotfixes to address a critical vulnerability (CVE-2024-3400) in its PAN-OS software, which is being actively exploited in the wild. The flaw, impacting GlobalProtect feature, could allow unauthenticated attackers to execute arbitrary code with root privileges on the firewall. Fixes are available for specific PAN-OS versions, with patches for other releases expected soon. The threat actor exploiting the flaw is tracked as Operation MidnightEclipse, with evidence of potential reconnaissance activity and deployment of a Python-based backdoor called UPSTYLE. Customers are advised to apply the hotfixes immediately to mitigate the risk.

via The Hacker News|

#cybersecurity #exploitation #palo-alto-networks

cybersecurity1 year ago•0 min saved

Palo Alto Networks Issues Critical Warning for PAN-OS Vulnerability

Palo Alto Networks has issued guidance for a command injection vulnerability (CVE-2024-3400) in PAN-OS versions 10.2, 11.0, and 11.1, with reports of active exploitation in the wild. CISA advises users to review the security advisory, apply mitigations, and update affected software when fixes are available, adding the vulnerability to its Known Exploited Vulnerabilities Catalog.

via CISA|

#cisa #command-injection #cybersecurity

network-security1 year ago•1 min saved

"CISA Issues Alert for Active Attacks on Palo Alto Networks and Sisense"

Palo Alto Networks has issued a warning about a critical vulnerability, CVE-2024-3400, in its PAN-OS software used in GlobalProtect gateways, with a maximum severity score. The flaw allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. Versions PAN-OS < 11.1.2-h3, PAN-OS < 11.0.4-h1, and PAN-OS < 10.2.9-h1 are impacted, with fixes expected on April 14, 2024. The company is aware of limited attacks exploiting the vulnerability and recommends enabling Threat ID 95187 for protection. Cybersecurity firm Volexity discovered and reported the bug, and Chinese threat actors have been increasingly exploiting zero-day flaws in various network security products.

via The Hacker News|

#cybersecurity #globalprotect #network-security