Richard Staynings’ Post

Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall. https://lnkd.in/gWiJpqpS

Palo Alto's Unit42 threat intelligence team identified 20 new IP addresses attempting to exploit CVE-2024-3400, which "allows unauthenticated attackers to execute arbitrary code with root privileges". What if you could automatically block those IP addresses, and 80 million others associated with known threat actors, instantly before they ever reach your firewall? With Threater, you can.

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall. "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled," the company clarified in its updated advisory. https://lnkd.in/gfXBFktW #CyberSecurity #PaloAlto #hotfixes

If you are wanting to understand more on the 10.0 (that’s really really bad) Critical Vulnerability on Palo Alto Networks firewalls read this Interesting, it’s a case of two flaws that aren’t severe, but together are very very bad #builditcsecure #vulnerability #critical #patchnow

Palo Alto Networks has recently released hotfixes to address a maximum-severity security flaw impacting PAN-OS software. This vulnerability has come under active exploitation in the wild, making it a significant risk for those who use the software. The release of these hotfixes is a crucial step in ensuring the security and safety of your systems. As always, it is important to stay vigilant and up-to-date on the latest security measures to protect against potential threats. #vulnerability #exploit #devsecops #infosec

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. CVE-2024-47575 (CVSS score: 9.8) vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall. Fixes for the shortcoming are available in the following versions - PAN-OS 10.2.9-h1 PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3 https://lnkd.in/eU23d_gR #Cybersecurity #CyberDefense #Microsoft #Microsoft365 #MicrosoftEntra #MicrosoftDefender #IAM #threathunting #securityoperations #DefenderCloudApp #AzureSentinel #threatdetection 

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests," the company said in a Wednesday advisory. https://lnkd.in/dQmXvDxA