https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2024-3400-unit42-threat-brief-private-data-reset/m-p/584580#M2197 <P>Unit42 updated the threat brief at&nbsp;<A href="https://unit42.paloaltonetworks.com/cve-2024-3400/" target="_blank">Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated April 22) (paloaltonetworks.com)</A>&nbsp;on 22 April to include remediation steps for each observed level of exploit attempt.</P> <P>&nbsp;</P> <P>The recommended remediation for a Level 2: Potential Exfiltration is to hotfix the affected appliance and perform a&nbsp;<EM>private data reset.</EM> <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ4CAK" target="_blank">How to remove all logs and restore the default configuration - Knowledge Base - Palo Alto Networks</A>&nbsp;specifically states <EM>the&nbsp;</EM><SPAN><EM>command will not perform the same actions as a factory reset of the device from Maintenance Mode</EM> and that&nbsp;<EM>Private-data-reset will not do a zero-ization of the data and will not erase the system disks.</EM></SPAN></P> <P>&nbsp;</P> <P>If the system disks are not erased, is it possible the file system is left intact and persistent threats remain and a factory reset should be in order (no scrubs)?</P> Tue, 23 Apr 2024 01:39:06 GMT mb_equate 2024-04-23T01:39:06Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2024-3400-unit42-threat-brief-private-data-reset/m-p/584580#M2197 <P>Unit42 updated the threat brief at&nbsp;<A href="https://unit42.paloaltonetworks.com/cve-2024-3400/" target="_blank">Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated April 22) (paloaltonetworks.com)</A>&nbsp;on 22 April to include remediation steps for each observed level of exploit attempt.</P> <P>&nbsp;</P> <P>The recommended remediation for a Level 2: Potential Exfiltration is to hotfix the affected appliance and perform a&nbsp;<EM>private data reset.</EM> <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ4CAK" target="_blank">How to remove all logs and restore the default configuration - Knowledge Base - Palo Alto Networks</A>&nbsp;specifically states <EM>the&nbsp;</EM><SPAN><EM>command will not perform the same actions as a factory reset of the device from Maintenance Mode</EM> and that&nbsp;<EM>Private-data-reset will not do a zero-ization of the data and will not erase the system disks.</EM></SPAN></P> <P>&nbsp;</P> <P>If the system disks are not erased, is it possible the file system is left intact and persistent threats remain and a factory reset should be in order (no scrubs)?</P> Tue, 23 Apr 2024 01:39:06 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cve-2024-3400-unit42-threat-brief-private-data-reset/m-p/584580#M2197 mb_equate 2024-04-23T01:39:06Z