CVE-2024-3400

intelligence gathering

Palo Alto Networks Firewall Exposed to Zero-Day Vulnerability, Hacker Groups Use Implanted Backdoor Programs to Steal Data

A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS software has been actively exploited by the hacker group UTA0218 in an attack campaign codenamed "Operation Midnight Eclipse". The vulnerability allows attackers to plant a Python backdoor program, gain system privileges, and perform lateral movement and data theft on the victim's network. Affected devices include PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the GlobalProtect gateway and device telemetry enabled.Palo Alto Networks has issued a security advisory with a remediation patch, and recommends users update as soon as possible.

chief security officer
May 7, 2024
04.5K01