CVE-2024-3400 | Exploit Available

PAN-OS GlobalProtect OS Command Injection (Zero-Day)

🏭 Palo Alto Networks | CWE-77 | #Zero-Day #RCE #Firewall #Network Perimeter #Actively Exploited
10.0 Critical

Vulnerability Description

A critical command injection zero-day in Palo Alto Networks PAN-OS GlobalProtect Gateway allows an unauthenticated attacker to execute arbitrary OS commands with root privileges on affected firewalls. Actively exploited in the wild.

Recommended Mitigation

Apply the Palo Alto hotfix immediately. If you are unable to patch, disable GlobalProtect or enable the Threat Prevention subscription. Add "Command and Control" signatures to block known IOCs.

Affected Products

PAN-OS GlobalProtect
Palo Alto Networks Firewall

Version constraint: PAN-OS 11.1 < 11.1.2-h3, PAN-OS 11.0 < 11.0.4-h1, PAN-OS 10.2 < 10.2.9-h1
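
To apply the version constraint above to a device inventory, the following added example (not code from Palo Alto Networks or from this page's source) classifies PAN-OS version strings using only the three fixed releases listed here. The hostnames and inventory lines are constructed, and branches or build formats not listed on this page are reported as "not-listed" or "unparsed" rather than judged.

```python
import re

# Fixed release per branch, from this page's "Version constraint" line:
# (major, minor) -> (maintenance, hotfix)
FIXED = {(11, 1): (2, 3), (11, 0): (4, 1), (10, 2): (9, 1)}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def classify(version):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed' for a version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"          # e.g. beta builds or truncated strings: review by hand
    major, minor, maint, hotfix = (int(g) if g else 0 for g in m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "not-listed"        # branch absent from this page; do not assume safe
    # A release without "-hN" counts as hotfix 0, so 11.1.2 < 11.1.2-h3.
    return "vulnerable" if (maint, hotfix) < fixed else "fixed"

def triage(inventory_text):
    """Map each 'hostname,version' line to its classification."""
    result = {}
    for line in inventory_text.strip().splitlines():
        host, _, version = line.partition(",")
        result[host.strip()] = classify(version)
    return result

# Constructed inventory (hostnames and versions are sample data).
SAMPLE = """
fw-edge-01,11.1.2
fw-edge-02,11.1.2-h3
fw-dc-01,10.2.9
fw-dc-02,10.2.10
fw-lab-01,11.0.3-h10
fw-old-01,9.1.16
fw-test-01,11.1.0-b3
"""

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(f"{host:12} {state}")
```

Hotfix numbers are compared as integers, so `11.0.3-h10` still sorts below `11.0.4-h1`; a plain string comparison would get cases like `10.2.10` versus `10.2.9-h1` wrong.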

Quick Facts

Published: 2024-04-12
Last Modified: 2024-04-15
Vendor: Palo Alto Networks
CWE: CWE-77
Exploit: ⚠️ Public Exploit Exists

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H