Tech »  Topic »  Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge

Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge

1 week, 6 days ago   securityweek

Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. 

Palo Alto Networks has started releasing hotfixes for the recently disclosed zero-day vulnerability that is believed to have been exploited by state-sponsored threat actors, just as the first attribution attempts have been made.

Palo Alto Networks warned on Friday that firewalls powered by its PAN-OS operating system had been targeted in limited attacks through the exploitation of a vulnerability tracked as CVE-2024-3400, which allows a remote, unauthenticated attacker to execute arbitrary code with root privileges on the targeted firewalls. Appliances with GlobalProtect and device telemetry enabled are vulnerable to attacks.

The company initially only released mitigations, but on Sunday it started issuing hotfixes for impacted PAN-OS versions. Three hotfixes were released initially, with more expected to arrive throughout the week of April 15.

The Shodan and Censys search engines ...


Copyright of this story solely belongs to securityweek . To see the full text click HERE

More related news