針對防火牆危急漏洞CVE-2024-3400,Palo Alto Networks證實攻擊者有可能藉此持續存取受害裝置
· 2024-04-30

資安業者Palo Alto Networks近日針對防火牆作業系統危急漏洞CVE-2024-3400更新公告,指出他們分析已公開的概念性驗證程式碼,攻擊者有機會藉此在尚未修補的設備上持續活動,即使重設或升級,也無法因應,呼籲IT人員應儘速套用相關緩解措施

4月12日資安業者Palo Alto Networks發布資安公告,指出旗下防火牆存在危急漏洞CVE-2024-3400,CVSS風險評分達到10分,此漏洞存在於防火牆作業系統PAN-OS的GlobalProtect功能,未經授權的攻擊者有機會使用root權限,在防火牆上執行任意程式碼。

當時通報此事的資安業者Volexity指出,他們察覺這項漏洞的原因,是發現客戶的防火牆出現可疑的攻擊流量。Palo Alto也在17日證實,漏洞利用出現增加的情況,且有第三方公布概念性驗證程式碼(PoC),如今情況又有新的進展。

30日該公司再度更新資安公告,指出他們針對前述的PoC手法進行分析,確認一旦攻擊者加以利用,即使IT人員對防火牆進行升級或是重置,對方仍能持續在受害裝置上活動,並以root層級執行命令。

不過,該公司強調,套用修補程式或是Threat Prevention的特徵碼,都能完全阻絕遠端程式碼執行(RCE),從而攔阻上述的漏洞遭到後續利用的情況,再者,目前他們也尚未察覺前述PoC被用於攻擊行動的跡象。

Popular articles
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
What’s on the SBC Summit Conference Agenda in 2026?
Marketing
Indiana online casino bill stalls in House committee
Regulation
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
GAT Expo CDMX 2026 Kicks Off Today in Mexico with a Sold-Out Opening Reception at Big Bola Casino Santa Fe
Marketing
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
Global Game Connect (GGC) 2027 Officially Opens Sponsorship & Exhibition Opportunities in Sri Lanka!
HUIDU Focus
British gambling levy rates confirmed for each vertical
Regulation
Home
Game
Cooperation
Find
My