Palo Alto Networks this week responded to a newly discovered zero-day vulnerability in one of its widely used security products after malicious hackers began exploiting the bug to infiltrate corporate networks. Companies are urged to apply the patch.
The vulnerability, officially known as CVE-2024-3400, was discovered in a new version of PAN-OS software running on Palo Alto's GlobalProtect firewall products. Palo Alto rated this bug as maximum severity because this vulnerability could allow hackers to gain complete control of affected firewalls over the Internet without authentication. Hackers can easily exploit this bug remotely, putting thousands of businesses that rely on firewalls at risk of intrusion.
Palo Alto said customers should update affected systems and warned that the company is “aware of an increasing number of attacks” exploiting this zero-day. In other words, the company did not have time to fix the bug before it was maliciously exploited. Even more troubling, Palo Alto initially suggested disabling telemetry to mitigate this vulnerability, but this week said disabling telemetry would not prevent exploitation.
The company also said that proof-of-concept code has been released that allows anyone to launch attacks that exploit the zero-day.
The Shadowserver Foundation, a nonprofit organization that collects and analyzes data about malicious Internet activity, says its data shows more than 156,000 potentially affected Palo Alto Networks firewall devices connected to the Internet, representing thousands of organizations.
Volexity, the security firm that first discovered the vulnerability and reported it to Palo Alto, said it found evidence of malicious exploitation dating back to March 26, about two weeks before Palo Alto released a patch. According to Volexity, a government-sponsored attacker, which the company tracks as UTA0218, exploited the vulnerability to plant a backdoor and gain further access to victims' networks. The government or nation behind UTA0218 is still unknown.
The Palo Alto zero-day is the latest in a series of vulnerabilities discovered in recent months in corporate security devices such as firewalls, remote access tools, and VPN products. These devices sit at the edge of corporate networks and act as digital gatekeepers, but they tend to harbor significant vulnerabilities that undermine the very protection they are meant to provide.
Earlier this year, security vendor Ivanti fixed several critical zero-day vulnerabilities in Connect Secure, a VPN product that allows employees to remotely access corporate systems over the Internet. At the time, Volexity linked the intrusions to a Chinese-backed hacker group, and mass exploitation of the flaws soon followed. Given the widespread use of Ivanti products, the US government warned federal agencies to patch their systems, and the US National Security Agency said it is tracking potential exploitation across the US defense industrial base.
Additionally, ConnectWise, the technology company that makes ScreenConnect, a popular screen-sharing tool used by IT administrators to provide remote technical support, fixed a vulnerability that researchers described as “embarrassingly exploitable” and that led to mass exploitation of corporate networks.