Threat actors are actively exploiting a critical authentication bypass vulnerability in Palo Alto Networks’ GlobalProtect VPN, potentially gaining unauthorized access to corporate networks without valid credentials. The issue affects specific software versions of GlobalProtect VPN and stems from a weakness in the authentication mechanism, which fails to properly validate login attempts.

Researchers first disclosed the flaw after noticing unusual authentication patterns indicating exploitation in the wild. According to Palo Alto Networks’ security advisory, the vulnerability is located in the GlobalProtect portal and gateway components and can be triggered by specially crafted requests that the vulnerable system does not properly authenticate. Palo Alto Networks has released patches to address the issue and strongly advises immediate application to reduce ongoing risk.

Security analysts say active exploitation of this flaw significantly broadens the threat landscape for organizations that use GlobalProtect for secure remote access. Attackers who leverage the bypass can move laterally within compromised environments, potentially accessing sensitive data or deploying additional malware, a risk amplified by hybrid work models and expanded remote workforce infrastructure.

A cybersecurity expert familiar with the situation stated, “Given the critical nature of this flaw and the availability of exploits, organizations must prioritize updating their GlobalProtect instances. Delay in patching could result in severe consequences, including unauthorized data access and persistent network compromise.” The incident highlights the importance of rigorous patch management, continuous monitoring for anomalous authentication activity, and evaluating vendor responsiveness when assessing VPN solutions.

Source: bleepingcomputer.com