Vol. 1 · Ed. 2026
CyberGlossary
Entry № 882

Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days

What is Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days?

A 2024 series of pre-authentication command-injection vulnerabilities in Palo Alto Networks PAN-OS, most notably CVE-2024-3400 (GlobalProtect, CVSS 10), exploited as zero-days by state-aligned actors and added to the CISA KEV catalog.


In 2024 Palo Alto Networks PAN-OS suffered multiple critical pre-authentication vulnerabilities in customer-facing components, headlined by CVE-2024-3400, an OS command-injection flaw in the PAN-OS GlobalProtect feature, disclosed in April 2024 with CVSS 10. The flaw allowed an unauthenticated attacker to send a crafted device telemetry message to a GlobalProtect-enabled firewall and gain a root shell. Volexity and Unit 42 attributed early exploitation to UTA0218, a suspected state-aligned actor, and observed deployment of the 'UPSTYLE' Python implant on victim firewalls; later commodity exploitation expanded the victim pool. Subsequent 2024 PAN-OS issues included CVE-2024-9474 (privilege escalation in the PAN-OS management web interface, CVSS 7.2, paired with the CVE-2024-0012 authentication bypass) and a series of additional management-interface flaws that prompted Palo Alto to publish ongoing guidance: never expose the management interface to the internet, restrict device-telemetry sources, and disable unused features. CVE-2024-3400 and several siblings were added to the CISA KEV catalog. Like the Fortinet pattern, the 2024 PAN-OS issues reinforced the principle that perimeter security appliances themselves are now primary attack surfaces.

  1. An organization with an internet-exposed GlobalProtect portal patched CVE-2024-3400 within the 48-hour window Palo Alto recommended, then audited for the UPSTYLE implant.

  2. An incident response engagement identifies a PAN-OS device that was compromised in April 2024 via CVE-2024-3400 and used as a long-dwell foothold for downstream intrusions.

Frequently asked questions

What is Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days?

A 2024 series of pre-authentication command-injection vulnerabilities in Palo Alto Networks PAN-OS, most notably CVE-2024-3400 (GlobalProtect, CVSS 10), exploited as zero-days by state-aligned actors and added to the CISA KEV catalog. It belongs to the Vulnerability category of cybersecurity.

What does Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days mean?

A 2024 series of pre-authentication command-injection vulnerabilities in Palo Alto Networks PAN-OS — most notably CVE-2024-3400 (GlobalProtect, CVSS 10) — exploited as zero-days by state-aligned actors and added to the CISA KEV catalog.

How does Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days work?

In 2024 Palo Alto Networks PAN-OS suffered multiple critical pre-authentication vulnerabilities in customer-facing components, headlined by CVE-2024-3400, an OS command-injection flaw in the PAN-OS GlobalProtect feature, disclosed in April 2024 with CVSS 10. The flaw allowed an unauthenticated attacker to send a crafted device telemetry message to a GlobalProtect-enabled firewall and gain a root shell. Volexity and Unit 42 attributed early exploitation to UTA0218, a suspected state-aligned actor, and observed deployment of the 'UPSTYLE' Python implant on victim firewalls; later commodity exploitation expanded the victim pool. Subsequent 2024 PAN-OS issues included CVE-2024-9474 (privilege escalation in the PAN-OS management web interface, CVSS 7.2, paired with the CVE-2024-0012 authentication bypass) and a series of additional management-interface flaws that prompted Palo Alto to publish ongoing guidance: never expose the management interface to the internet, restrict device-telemetry sources, and disable unused features. CVE-2024-3400 and several siblings were added to the CISA KEV catalog. Like the Fortinet pattern, the 2024 PAN-OS issues reinforced the principle that perimeter security appliances themselves are now primary attack surfaces.

How do you defend against Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days?

Defending against Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days typically combines technical controls and operational practices, as described in the definition above.

What are other names for Palo Alto GlobalProtect / PAN-OS 2024 Zero-Days?

Common aliases: CVE-2024-3400, UPSTYLE backdoor, PAN-OS GlobalProtect zero-day.
