Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release


Palo Alto Networks firewall vulnerability CVE-2024-3400 is increasingly being exploited after the release of PoC code.

The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400 is increasingly being exploited in attacks now that proof-of-concept (PoC) code has been made available.

CVE-2024-3400 came to light on April 12, when Palo Alto Networks warned customers that it had become aware of attacks exploiting the zero-day. The flaw allows a remote, unauthenticated attacker to execute arbitrary code with root privileges on firewalls that have the GlobalProtect feature and device telemetry enabled.

Cybersecurity firm Volexity spotted the attacks involving exploitation of CVE-2024-3400. The company said a threat actor it tracks as UTA0218, which is likely a state-sponsored group, leveraged the vulnerability to move into internal networks and exfiltrate data. In some cases the attackers attempted to deploy a previously undocumented Python backdoor named Upstyle.

Volexity has not been able to link the attacks to any ...


Copyright of this story solely belongs to SecurityWeek.