Palo Alto Zero-Day Exploited in the Wild Following PoC Release


Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400.

This zero-day flaw, found in the GlobalProtect Gateway, is currently under active exploitation by attackers.

CVE-2024-3400 allows attackers to execute arbitrary OS commands on the affected systems without proper authentication.

Threat actors are now actively exploiting this Palo Alto zero-day in the wild following the PoC release.

Palo Alto Zero-Day Exploited

Within three days, researchers identified vulnerabilities and developed an exploit for GlobalProtect that targeted Palo Alto VPN-SSL solutions.

WatchTowr explained a path traversal bug combined with a command injection, resulting in a PoC that uses a POST request to “…/ssl-vpn/hipreport.esp”.

It permits command injection through the SESSID cookie, which can potentially drop webshells as cron jobs.
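A detection check for the request pattern described above, as an added example that is not from the original article or from any vendor: it flags POSTs to the hipreport endpoint whose SESSID cookie carries traversal sequences or shell metacharacters. The log layout, the benign-token pattern and every sample line are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: each record is '<src> <METHOD> <path> cookie="<Cookie header>"'.
# This layout is constructed for the example; adapt RECORD to your proxy/WAF export.
RECORD = re.compile(r'^(?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) cookie="(?P<cookie>[^"]*)"$')
SESSID = re.compile(r'(?:^|;\s*)SESSID=(?P<val>[^;]*)')
# Assumption: a legitimate session ID is a short token of letters, digits and hyphens.
BENIGN = re.compile(r'^[A-Za-z0-9-]{1,64}$')
TRAVERSAL = re.compile(r'\.\.[/\\]|^/')
SHELL_META = re.compile(r'[`$;|&<>(){}\s]')

def classify_sessid(value):
    """Return a sorted list of reasons the SESSID value is suspicious ([] if benign)."""
    decoded = unquote(unquote(value))  # undo up to two layers of percent-encoding
    reasons = set()
    if TRAVERSAL.search(decoded):
        reasons.add("path-traversal")
    if SHELL_META.search(decoded):
        reasons.add("shell-metacharacter")
    if not reasons and not BENIGN.match(decoded):
        reasons.add("unexpected-format")
    return sorted(reasons)

def scan(lines):
    """Return (src, reasons) for POSTs to hipreport.esp with a suspicious SESSID."""
    findings = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/ssl-vpn/hipreport.esp"):
            continue
        for c in SESSID.finditer(m["cookie"]):
            reasons = classify_sessid(c["val"])
            if reasons:
                findings.append((m["src"], reasons))
    return findings

# Constructed sample records (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 POST /ssl-vpn/hipreport.esp cookie="SESSID=3f2a9c1e-7b44-4d0a-9e61-0c5d8a1b2c3d"',
    '198.51.100.7 POST /ssl-vpn/hipreport.esp cookie="SESSID=/../../../tmp/constructed-name"',
    '203.0.113.5 POST /ssl-vpn/hipreport.esp cookie="lang=en; SESSID=..%2F..%2Fx`constructed`"',
    '192.0.2.44 GET /index.html cookie="SESSID=../ignored-not-hipreport"',
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE_LOG):
        print(src, ",".join(reasons))
```
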

Rapid7’s and WatchTowr’s PoCs spread quickly, followed by TrustedSec and ShadowServer reporting on some real attacks, while some of the earlier PoCs were fake or ...


Copyright of this story solely belongs to gbhackers.