CVE-2024-3400

critical-risk

Published 2024-04-12

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Do I need to act?

94.3% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

1 public exploit available

51996

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Pan-Os

Affected Vendors

Paloaltonetworks

References (9)

Vendor Advisory https://security.paloaltonetworks.com/CVE-2024-3400

Exploit https://unit42.paloaltonetworks.com/cve-2024-3400/

Technical Description https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/

Exploit https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticate...

Vendor Advisory https://security.paloaltonetworks.com/CVE-2024-3400

Exploit https://unit42.paloaltonetworks.com/cve-2024-3400/

Technical Description https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/

Exploit https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticate...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-...

/ 100

critical-risk

Severity 33/34 · Critical

Exploitability 27/34 · High

Exposure 26/34 · High