CVE-2024-3400

CVSS 3.1 Score 10.0 of 10 (CRITICAL)

Attack Complexity

LOW

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Scope

CHANGED

Privileges Required

NONE

Summary

CVE-2024-3400 is a critical command injection vulnerability affecting specific versions and configurations of Palo Alto Networks PAN-OS software's GlobalProtect feature. An unauthenticated attacker can exploit an arbitrary file creation vulnerability to inject and execute arbitrary commands with root privileges on the firewall. However, this vulnerability does not impact Cloud NGFW, Panorama appliances, or Prisma Access.

Details

Published: formatDate( 2024-04-12T08:15:06.230Z )
Updated: formatDate( 2024-05-29T16:00:24.093Z )
CWE ID: CWE-77,CWE-20

Affected Products

PAN-OS

Affected Vendors

Palo Alto Networks Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vUxIZ9
https://www.cve.org/CVERecord?id=CVE-2024-3400
https://nvd.nist.gov/vuln/detail/CVE-2024-3400