Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

29-04-2024

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw in PAN-OS that is under active exploitation.

The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), is a command injection bug in the GlobalProtect feature of PAN-OS that can be weaponized to obtain unauthenticated remote shell command execution on susceptible firewalls. Hotfixes have been released for multiple versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x.

The activity, codenamed Operation MidnightEclipse, entails the use of the flaw to drop a Python-based backdoor called UPSTYLE that’s capable of executing commands transmitted via specially crafted requests.

The latest remediation advice from Palo Alto Networks is tiered by the extent of compromise observed on the device, and a device is triaged at the highest level for which evidence exists:

  • Level 0 Probe: Unsuccessful exploitation attempt – Update to the latest provided hotfix
  • Level 1 Test: Evidence that the vulnerability was tested on the device, including the creation of an empty file on the firewall but no execution of unauthorized commands – Update to the latest provided hotfix
  • Level 2 Potential Exfiltration: Signs that files such as "running_config.xml" were copied to a location that is accessible via web requests – Update to the latest provided hotfix and perform a Private Data Reset
  • Level 3 Interactive access: Evidence of interactive command execution, such as the introduction of backdoors and other malicious code – Update to the latest provided hotfix and perform a Factory Reset

“Performing a private data reset eliminates risks of potential misuse of device data,” Palo Alto Networks said. “A factory reset is recommended due to evidence of more invasive threat actor activity.”
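To turn the tiers above into a repeatable triage decision, the following is an added example and not Palo Alto Networks' own tooling. It walks a directory that stands in for the firewall's web-served path (the real path is an assumption the caller supplies), collects the two on-disk indicators the advisory describes (an empty file for Level 1, a copy of running_config.xml for Level 2, matched by name or by an assumed `<config` marker in its first bytes so a renamed copy is still caught), combines them with the analyst's conclusion about interactive command execution (Level 3, which cannot be derived from a file scan), and returns the highest matching level with the prescribed remediation. The sample trees it scans are constructed in a temporary directory so the module runs offline.

```python
"""Triage helper for the CVE-2024-3400 remediation levels described above.

Added example, not Palo Alto Networks' own tooling. The web-served
directory path is an assumption supplied by the caller; the sample trees
are constructed here so the module runs offline.
"""
from __future__ import annotations

import tempfile
from dataclasses import dataclass
from pathlib import Path

# Level -> (label, remediation), taken from the advisory text above.
LEVELS = {
    0: ("Probe", "Update to the latest hotfix"),
    1: ("Test", "Update to the latest hotfix"),
    2: ("Potential Exfiltration",
        "Update to the latest hotfix and perform a Private Data Reset"),
    3: ("Interactive access",
        "Update to the latest hotfix and perform a Factory Reset"),
}

CONFIG_NAME = "running_config.xml"
# Assumed signature of a PAN-OS XML config root element; tune for your export.
CONFIG_MARKER = b"<config"


@dataclass(frozen=True)
class Finding:
    level: int
    detail: str


def _has_config_marker(path: Path) -> bool:
    """Look at the first bytes only, so large unrelated files stay cheap."""
    with path.open("rb") as fh:
        return CONFIG_MARKER in fh.read(512)


def scan_web_root(web_root: Path) -> list[Finding]:
    """Collect the two on-disk indicators from a web-accessible directory.

    Level 1: an empty (0-byte) file, the advisory's "test" artifact.
    Level 2: a copy of running_config.xml, matched by name or, if renamed,
             by the config marker in its first bytes.
    """
    findings: list[Finding] = []
    for path in sorted(p for p in web_root.rglob("*") if p.is_file()):
        rel = path.relative_to(web_root)
        if path.stat().st_size == 0:
            findings.append(Finding(1, f"empty file {rel}"))
        elif path.name == CONFIG_NAME or _has_config_marker(path):
            findings.append(Finding(2, f"config copy {rel}"))
    return findings


def assess(web_root: Path, interactive_access: bool = False):
    """Return (level, remediation, findings); the highest level wins.

    interactive_access is the analyst's conclusion from command-execution
    evidence (e.g. a dropped backdoor); it cannot be derived from this scan.
    """
    findings = scan_web_root(web_root)
    if interactive_access:
        findings.append(Finding(3, "interactive command execution confirmed"))
    level = max((f.level for f in findings), default=0)
    return level, LEVELS[level][1], findings


def make_sample(kind: str) -> Path:
    """Build a constructed sample tree in a temp dir; kind is clean/test/exfil."""
    root = Path(tempfile.mkdtemp(prefix=f"panos-{kind}-"))
    (root / "portal").mkdir()
    (root / "portal" / "index.html").write_text("<html>portal</html>\n")
    if kind in ("test", "exfil"):
        (root / "portal" / "probe.txt").write_bytes(b"")  # Level 1 artifact
    if kind == "exfil":
        (root / "portal" / "css").mkdir()
        # Renamed copy of the config staged under the web root (Level 2).
        (root / "portal" / "css" / "style.css.bak").write_bytes(
            b'<?xml version="1.0"?>\n<config version="10.2.0"><devices/></config>\n')
    return root


if __name__ == "__main__":
    for kind in ("clean", "test", "exfil"):
        level, action, found = assess(make_sample(kind))
        print(f"{kind:5s} -> Level {level} {LEVELS[level][0]}: {action}")
        for f in found:
            print("   ", f.detail)
    level, action, _ = assess(make_sample("exfil"), interactive_access=True)
    print(f"exfil+shell -> Level {level} {LEVELS[level][0]}: {action}")
```

Point `assess()` at an offline copy of the web-served directory from a forensic image rather than at a live device, and treat the result as a floor: an empty file or a staged config only proves the lower levels, so any command-execution evidence found elsewhere must still raise the device to Level 3.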


Source: https://thehackernews.com/