Tag

Globalprotect

All articles tagged with #globalprotect

Active Exploitation Targets PAN-OS VPN Flaw CVE-2026-0257
security1 month ago

Active Exploitation Targets PAN-OS VPN Flaw CVE-2026-0257

Palo Alto Networks warns that CVE-2026-0257, a medium-severity authentication bypass affecting PAN-OS/GlobalProtect, is being actively exploited in the wild to sidestep security controls and establish unauthorized VPN sessions. Rapid7 tracked two exploitation waves starting mid‑May 2026 (earliest May 17), with VPN IP assignments after cookie-based authentication in some cases. The U.S. CISA added the flaw to its Known Exploited Vulnerabilities list, mandating mitigations by June 1, 2026. Temporary mitigations include disabling the authentication override feature or issuing a new certificate for that feature, with urgent patching urged until updates are applied.

Active Attacks Target Palo Alto GlobalProtect Flaw CVE-2026-0257
security1 month ago

Active Attacks Target Palo Alto GlobalProtect Flaw CVE-2026-0257

Hackers are actively exploiting the PAN-OS GlobalProtect authentication bypass (CVE-2026-0257) on unpatched devices to gain unauthorized VPN access. Patches were released earlier in the month, and mitigations include disabling the authentication override feature or using a separate certificate. Rapid7 observed exploitation beginning May 17 across multiple customers, with forged cookies enabling access in some cases, while federal agencies were urged to mitigate by June 1 as CISA added the flaw to KEV.

Unauthenticated PAN-OS DoS Flaw Forces Quick GlobalProtect Patch
cyber-security-news5 months ago

Unauthenticated PAN-OS DoS Flaw Forces Quick GlobalProtect Patch

Palo Alto Networks patched a critical PAN-OS vulnerability (CVE-2026-0227) that lets unauthenticated attackers trigger a denial-of-service on GlobalProtect gateways/portals. The flaw, rated CVSS 7.7 (HIGH), stems from improper handling of unusual conditions and affects multiple PAN-OS versions (Cloud NGFW is spared). A PoC exists, exploitation is not yet observed, and no workarounds are available. Administrators should upgrade to the latest hotfixes (PAN-OS 12.1.4 or 11.2.10-h2) and verify configurations via Palo Alto’s support portal while monitoring for DoS attempts.

"CISA Issues Alert for Active Attacks on Palo Alto Networks and Sisense"
network-security2 years ago

"CISA Issues Alert for Active Attacks on Palo Alto Networks and Sisense"

Palo Alto Networks has issued a warning about a critical vulnerability, CVE-2024-3400, in its PAN-OS software used in GlobalProtect gateways, with a maximum severity score. The flaw allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. Versions PAN-OS < 11.1.2-h3, PAN-OS < 11.0.4-h1, and PAN-OS < 10.2.9-h1 are impacted, with fixes expected on April 14, 2024. The company is aware of limited attacks exploiting the vulnerability and recommends enabling Threat ID 95187 for protection. Cybersecurity firm Volexity discovered and reported the bug, and Chinese threat actors have been increasingly exploiting zero-day flaws in various network security products.