PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)

Attackers are exploiting a command injection vulnerability in Palo Alto Networks PAN-OS software. Tracked as CVE-2024-3400, the vulnerability has been given a critical severity rating and a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code with root privileges on the firewall. The vulnerability exists in the … Continue reading “PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)”

QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)

Two OS command injection vulnerabilities impact the operating systems embedded in the firmware of QNAP’s popular network-attached storage (NAS) devices. Tracked as CVE-2023-47218 and CVE-2023-50358, the vulnerabilities may allow users to execute commands via a network. The vulnerabilities affect QNAP operating systems such as QTS, QuTS Hero, and QuTS Cloud. CVE-2023-47218 can be exploited by … Continue reading “QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)”