A critical security flaw, CVE-2024-3400, affects 22,500 Palo Alto GlobalProtect firewall devices, allowing root-level command execution without authentication.

The vulnerability has been actively exploited since March 26, 2024, with the 'Upstyle' backdoor being installed on compromised systems.

Patches for the vulnerability were released between April 14 and April 18, 2024.

Despite the release of patches, approximately 22,500 devices remain potentially vulnerable as of April 18, 2024, primarily in the United States.

The exploit's public disclosure has led to increased attacks, with 156,000 instances of PAN-OS firewalls exposed online.

Palo Alto has issued a security advisory, urging those with unpatched firewalls to take immediate action to secure their systems.