Palo Alto Zero-Day Flaw Exploited Through Python Backdoor

State-sponsored hackers are exploiting a new zero-day flaw in Palo Alto Networks firewall software. Find out about the flaw, which impacts devices running PAN-OS, and the nature of the threat.

April 15, 2024

  • Hackers are exploiting a zero-day vulnerability in Palo Alto firewalls and leveraging compromised devices to steal data and credentials.
  • The flaw, CVE-2024-3400, enables remote code execution and privilege escalation in PAN-OS firewall software.

Palo Alto Networks has warned that hackers have been exploiting a new zero-day vulnerability in its PAN-OS firewall software since March 26. The vulnerability, CVE-2024-3400 (CVSS score: 10.0), enables remote code execution and privilege escalation, and has resulted in breaches of internal networks and the theft of credentials and other sensitive data.

The flaw was first discovered by security firm Volexity on April 10, and its report provided details of the attacks that exploited the zero-day. According to the report, hackers installed custom Python-based backdoors on compromised Palo Alto firewalls and used them to reach internal networks. State-sponsored actors were strongly suspected to be behind the attacks. Palo Alto made a patch for the vulnerability available to users on April 14.


According to Palo Alto, the issue affects PAN-OS versions 10.2, 11.0, and 11.1 in configurations that have both the device telemetry and GlobalProtect gateway features enabled. The attacks use bash shell scripts, run through a cron job, to fetch commands from external servers that are gated by a manually managed access control list.

The Python files launch a further script that decodes and runs embedded backdoor components, which in turn execute the threat actor's commands. The attacks are designed to avoid leaving any trace of those commands. Consequently, Palo Alto users are advised to watch for signs of internal lateral movement originating from their firewall devices. The severity of the vulnerability has also led to the flaw being added to CISA's Known Exploited Vulnerabilities (KEV) catalog. The attacks highlight the growing preference of well-resourced threat actors for edge devices as targets.


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.