CVE-2024-3400
Palo Alto Networks PAN-OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
12 abr 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Palo Alto Networks / PAN-OS
Vulnerabilidad
Palo Alto Networks PAN-OS Command Injection Vulnerability
Añadido a KEV
12 abr 2024
Remediar antes de
19 abr 2024
Uso conocido en ransomware
Sí
Descripción resumida
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Acción requerida
Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
Notas
https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400