"Palo Alto Networks Fixes Zero-Day Exploited to Backdoor Firewalls"

Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls. The "maximum severity" security flaw, CVE-2024-3400, affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and GlobalProtect (gateway or portal) enabled. The company noted that unauthenticated threat actors can exploit it remotely to gain root code execution via command injection in low-complexity attacks that don't require user interaction. Palo Alto Networks has fixed the security flaw in hotfix releases issued for PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3. In the coming days, more hotfixes will be rolled out for later PAN-OS versions. Security researchers at Volexity originally discovered the zero-day flaw and detected threat actors using it to backdoor PAN-OS devices using Upstyle malware, breach networks, and steal data.


BleepingComputer reports: "Palo Alto Networks Fixes Zero-Day Exploited to Backdoor Firewalls"

Submitted by Adam Ekwall on