Today, CISA published a notice that it had added a command injection vulnerability (CVE-2024-3400) in Palo Alto Networks PanOS product used in Palo Alto Network (PAN) firewall devices to their Known Exploited Vulnerability (KEV) Catalog. The vulnerability was discovered by Volexity on April 10th being actively exploited in multiple organizations. Volexity reported the vulnerability to Palo Alto Networks on April 11th and PAN published their advisory today. Palo Alto Networks Unit42 has a detailed description of exploits of this vulnerability with indicators of compromise, and a discussion about tools that can be used to limit lateral movement post-exploitation.
Friday, April 12, 2024
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment