Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Threat actors are now actively exploiting this Palo Alto zero-day in the wild following the PoC release.

Palo Alto ZeroDay Exploited

Within three days, researchers identified the vulnerabilities and developed a GlobalProtect exploit targeting Palo Alto SSL VPN solutions. WatchTowr described a path traversal bug combined with a command injection, resulting in a PoC that sends a POST request to “…/ssl-vpn/hipreport.esp”. The flaw permits command injection through the SESSID cookie, which can potentially be used to drop webshells as cron jobs.

Rapid7’s and WatchTowr’s PoCs spread quickly, followed by TrustedSec and ShadowServer reporting on some real attacks, while some of the earlier PoCs were fake or malicious. Expect widespread attacks soon, since Palo Alto solutions are not audited enough.
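A defender-side check for the request pattern described above, added here as an example (it is not code from the original article or from any vendor): it scans HTTP request records for POSTs to the hipreport.esp endpoint whose SESSID cookie contains traversal characters or anything outside an expected character set. The JSON-lines record format, the field names, the sample records and the allowed SESSID character set are assumptions made for illustration.

```python
import json
import re
from urllib.parse import unquote

TARGET_SUFFIX = "/ssl-vpn/hipreport.esp"        # endpoint named in the write-up
SESSID_OK = re.compile(r"[A-Za-z0-9-]{1,128}")  # assumption: shape of a benign SESSID

# Constructed sample records (hypothetical JSON-lines format, documentation IPs).
SAMPLE_LOG = """\
{"src": "192.0.2.10", "method": "POST", "path": "/ssl-vpn/hipreport.esp", "cookie": "SESSID=3f1c9a52-77aa-4c1e-9b0d-5e2a6f0c1d11"}
{"src": "198.51.100.7", "method": "POST", "path": "/ssl-vpn/hipreport.esp", "cookie": "SESSID=/../../../tmp/constructed-example"}
{"src": "198.51.100.8", "method": "POST", "path": "/ssl-vpn/hipreport.esp", "cookie": "lang=en; SESSID=%2e%2e%2fconstructed"}
{"src": "192.0.2.11", "method": "GET", "path": "/index.html", "cookie": "SESSID=../ignored-not-hipreport"}
"""

def parse_cookies(header):
    """Split a Cookie header by hand so unusual values are kept, not dropped."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def sessid_findings(raw):
    """Return the reasons a SESSID value looks abnormal (empty list if none)."""
    value = unquote(raw)  # also catch percent-encoded variants
    reasons = []
    if ".." in value or "/" in value or "\\" in value:
        reasons.append("path traversal characters")
    if not SESSID_OK.fullmatch(value):
        reasons.append("characters outside expected set")
    return reasons

def suspicious_requests(log_text):
    """Return (src, reasons) for POSTs to the endpoint with an abnormal SESSID."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        path = rec.get("path", "").split("?", 1)[0]
        if rec.get("method") != "POST" or not path.endswith(TARGET_SUFFIX):
            continue
        sessid = parse_cookies(rec.get("cookie", "")).get("SESSID")
        reasons = sessid_findings(sessid) if sessid is not None else []
        if reasons:
            hits.append((rec.get("src"), reasons))
    return hits
```

Hits are leads for triage rather than verdicts; adjust the SESSID pattern to match the values the device actually issues.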

Source: GBHackers

 

