Featured Story
Palo Alto Networks Warns About Critical Zero-Day in PAN-OS
Palo Alto Networks has alerted users to a zero-day vulnerability in its PAN-OS software, specifically affecting its GlobalProtect gateways. The flaw is a command injection vulnerability with the identifier CVE-2024-3400, carrying a severity score of 10.0.
Affected PAN-OS versions include:
– PAN-OS < 11.1.2-h3
– PAN-OS < 11.0.4-h1
– PAN-OS < 10.2.9-h1
Exploitation requires specific configurations involving GlobalProtect and device telemetry. While only limited exploitation has been observed so far, Palo Alto recommends applying mitigation steps like enabling Threat ID 95187 and applying a vulnerability protection profile.
Upgrade recommendations:
– PAN-OS 11.1 ⇒ 11.1.2-h3
– PAN-OS 11.0 ⇒ 11.0.4-h1
– PAN-OS 10.2 ⇒ 10.2.9-h1
The Approach SOC team can assist in the event of an incident or suspected compromise.
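A branch-aware check of a firewall inventory against the fixed releases listed above, as an added example that is not part of the original advisory or of Palo Alto's tooling. It assumes version strings of the form X.Y.Z or X.Y.Z-hN; the hostnames and versions in SAMPLE are constructed, and branches the summary does not name are reported as unlisted rather than guessed.

```python
import re

# Fixed release per branch, copied from the upgrade recommendations above.
FIXED = {"11.1": "11.1.2-h3", "11.0": "11.0.4-h1", "10.2": "10.2.9-h1"}

# Assumption: only plain releases and -hN hotfix builds are handled.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Return (major, minor, maintenance, hotfix); a missing hotfix counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def status(version):
    """Return 'affected', 'fixed', or 'unlisted' (branch not named in the summary)."""
    v = parse(version)
    fixed = FIXED.get(f"{v[0]}.{v[1]}")
    if fixed is None:
        return "unlisted"
    # Compare only against the fixed build of the same branch.
    return "affected" if v < parse(fixed) else "fixed"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed inventory: hostnames and versions are sample data.
SAMPLE = {
    "fw-edge-01": "11.1.2-h3",
    "fw-edge-02": "11.1.2",
    "fw-dc-01": "10.2.9-h1",
    "fw-dc-02": "10.2.8",
    "fw-lab-01": "11.0.4",
    "fw-old-01": "9.1.16",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {result}")
```

Comparing within the branch matters: 10.2.9-h1 sorts below 11.1.2-h3 numerically, yet it is the fixed build for the 10.2 branch.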
Other Stories
PuTTY SSH Client Flaw Allows Private Key Recovery
A critical vulnerability (CVE-2024-31497) in PuTTY SSH client versions 0.68 to 0.80 can allow attackers to recover NIST P-521 private keys. This affects FileZilla, WinSCP, TortoiseGit, and TortoiseSVN. By analyzing a few signed messages, attackers could reconstruct private keys and gain unauthorized access.
Cisco Warns of Massive Surge in Password-Spraying Attacks on VPNs
Cisco Talos has identified a sharp rise in brute-force password attacks on VPNs, SSH services, and web login portals. Affected technologies include Cisco Secure Firewall VPN, Check Point, Fortinet, SonicWall, and others. Attackers are leveraging common usernames to bypass weak authentication defenses.
WARNING: Critical Vulnerabilities in Ivanti Avalanche <6.4.3 Could Lead to RCE
Ivanti Avalanche suffers from two critical heap overflow vulnerabilities: CVE-2024-24996 and CVE-2024-29204. Rated 9.8 CVSS, they could lead to unauthenticated remote code execution. The affected components are WLInfoRailService and WLAvalancheService. Ivanti’s latest update (v6.4.3) addresses 25 vulnerabilities in total.