Critical Zero-Day Flaw in Palo Alto Firewalls Exposed by Operation MidnightEclipse

April 13, 2024
  • Palo Alto Networks has reported a critical zero-day vulnerability, CVE-2024-3400, in its firewall products, allowing root-level remote code execution.

  • The flaw affects PAN-OS versions 10.2, 11.0, and 11.1 on devices where both the GlobalProtect gateway and the device telemetry feature are enabled.

  • Volexity, a cybersecurity firm, identified the exploitation of this vulnerability in Operation MidnightEclipse, which is linked to the threat actor UTA0218.

  • Attackers have managed to install a Python backdoor on compromised devices, enabling the theft of sensitive credentials and files.

  • Palo Alto Networks recommends applying GlobalProtect-specific vulnerability protection or disabling device telemetry as temporary measures until fixed firmware is available.

  • The company plans to release patched firmware on April 14; until then it advises customers to apply Threat ID 95187 through a vulnerability protection security profile as an interim safeguard.

  • Germany's Federal Office for Information Security (BSI) has issued an alert, advising organizations to quickly implement the recommended mitigations and review their devices for signs of compromise.

  • The urgency is heightened by recent similar breaches attributed to Chinese hackers, and this incident is considered more critical than those earlier ones.

Summary based on 10 sources