Increased Scanning for PAN-OS GlobalProtect Vulnerability

First reported

02.10.2025 14:30

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

SANS Internet Storm Center has observed a significant rise in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability (CVE-2024-3400). This flaw, disclosed last year, allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. The scans involve attempts to upload and retrieve files, indicating potential pre-exploit staging activities. The vulnerability is a command injection flaw that can be exploited to gain unauthorized access and control over vulnerable firewalls. This development underscores the ongoing threat posed by unpatched systems and the importance of timely security updates. The scans are part of a broader trend of increased cyber activity targeting critical infrastructure and enterprise networks.

Timeline

02.10.2025 14:30 1 articles · 3h ago

Increased Scanning for PAN-OS GlobalProtect Vulnerability
SANS Internet Storm Center observed a significant rise in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability (CVE-2024-3400). The scans involve attempts to upload and retrieve files, indicating potential pre-exploit staging activities. This vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. The scans are part of a broader trend of increased cyber activity targeting critical infrastructure and enterprise networks.
Show sources

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More — thehackernews.com — 02.10.2025 14:30
Open in new tab

Information Snippets

SANS Internet Storm Center detected a surge in internet-wide scans targeting the PAN-OS GlobalProtect vulnerability (CVE-2024-3400).
First reported: 02.10.2025 14:30

1 source, 1 article
Show sources
- ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More — thehackernews.com — 02.10.2025 14:30
The vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls.
First reported: 02.10.2025 14:30

1 source, 1 article
Show sources
- ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More — thehackernews.com — 02.10.2025 14:30
The scans involve attempts to upload and retrieve files, suggesting pre-exploit staging activities.
First reported: 02.10.2025 14:30

1 source, 1 article
Show sources
- ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More — thehackernews.com — 02.10.2025 14:30
The vulnerability was disclosed last year, highlighting the ongoing risk of unpatched systems.
First reported: 02.10.2025 14:30

1 source, 1 article
Show sources
- ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More — thehackernews.com — 02.10.2025 14:30
The scans are part of a broader trend of increased cyber activity targeting critical infrastructure and enterprise networks.
First reported: 02.10.2025 14:30

1 source, 1 article
Show sources
- ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More — thehackernews.com — 02.10.2025 14:30