simontsui OP, 2 months ago

Just to make it easier to read through the various reports (saying almost the same exact thing), I've assembled a Palo Alto Networks zero-day MEGA list:

Palo Alto Networks security advisory:
- CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway

UPDATE: Volexity and Unit 42 talk about the threat actor, campaign, and include indicators of compromise:
- Volexity: Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
- Unit 42: Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

Here's the rest of the related reporting:
- Zscaler: Another CVE (PAN-OS Zero Day), Another Reason to Consider Zero Trust
- The Register: Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways
- Bleeping Computer: Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks; (update) Palo Alto Networks zero-day exploited since March to backdoor firewalls
- SANS ISC: Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400)
- CERT-EU: Critical Vulnerability in PAN-OS software
- Qualys: PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400)
- Rapid7: CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
- The Hacker News: Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack; (update) Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
- Security Week: Palo Alto Networks Warns of Exploited Firewall Vulnerability; (update) State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls
- SOCRadar: Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
- CISA: CISA Adds One Known Exploited Vulnerability to Catalog; Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400
- The Record: Palo Alto Networks warns of zero-day in VPN product
- Ars Technica: "Highly capable" hackers root corporate networks by exploiting firewall 0-day

#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #threatintel #IOC