The Download
Researchers at security firm Volexity claim nation-state adversaries have been exploiting a Palo Alto Networks zero-day, now known as CVE-2024-3400, in its GlobalProtect VPN service since March 26th. The vulnerability, which is rated 10/10 in severity and was disclosed April 12th, allows unauthenticated users to break into networks behind the firewall.
This new report indicates that the vulnerability was being actively exploited as a zero-day (a previously unknown vulnerability) for a few weeks before April 12th, which means a longer window of exposure than previously known. This level of sophistication in zero-day exploitation is likely indicative of nation-state adversaries behind the attacks.
What You Can Do
As we previously recommended, until a patch for PAN-OS versions 10.2, 11.0 and 11.1 is made available by Palo Alto Networks, we recommend blocking access to the VPN service. Palo Alto Networks also states that temporarily disabling device telemetry from GlobalProtect until the hotfix is available is a potential mitigation.
A hotfix is expected from the vendor on Sunday, April 14th, and should be applied immediately to block exploitation of this severe vulnerability.