Network Security, Vulnerability Management, Endpoint/Device Security

Active Palo Alto vulnerability exploitation puts over 22K firewalls at risk


BleepingComputer reports that ongoing attacks exploiting the critical Palo Alto Networks PAN-OS command injection flaw, tracked as CVE-2024-3400, could still compromise nearly 22,500 Palo Alto GlobalProtect firewall instances around the world despite the availability of patches.

The U.S. had the highest number of vulnerable Palo Alto firewalls, followed by Japan, India, Germany, and the UK, according to the ShadowServer Foundation threat monitoring service.

The finding comes days after ShadowServer observed more than 156,000 internet-exposed PAN-OS firewalls that were susceptible to attacks. State-sponsored threat operations tracked as UTA0218 have also launched intrusions exploiting the flaw to facilitate the deployment of the Upstyle backdoor, reported Volexity researchers, who also provided a proof-of-concept exploit for the security issue.

Greynoise also observed mounting attempts to exploit the flaw from various IP addresses, which should prompt organizations with vulnerable instances to apply the issued fixes immediately.
