CyberNews Briefs

Massive Zero-Day Hole Found in Palo Alto Security Appliances

Researchers discovered a massive zero-day hole in Palo Alto Networks security appliances that have since been patched allow for unauthenticated RCE and affect roughly 10,000 VPN/firewalls. Researchers developed a working exploit to gain remote code execution via the vulnerability in a security appliance from Palo Alto Networks. The critical zero-day is tracked as CVE-2021-3064 and has a CVSS rating of 9.8 out of 10 for severity. The flaw lies in Palo Alto’s GlobalProtect firewall.

On Wednesday, Randori researchers stated that if an attacker can successfully exploit the vulnerability, they can gain a shell on the targeted system, access data, and extract credentials. Once the attacker successfully establishes control over the firewall, they will boast visibility into the internal network and will be able to move laterally, says Randori.

Read More: Massive Zero-Day Hole Found in Palo Alto Security Appliances

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.