CVE-2024-3400
Palo Alto Networks PAN-OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Apr 12, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Palo Alto Networks / PAN-OS
Vulnerability
Palo Alto Networks PAN-OS Command Injection Vulnerability
Added to KEV
Apr 12, 2024
Remediate by
Apr 19, 2024
Known ransomware use
Yes
Summary description
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Required action
Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
Notes
https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400