Apr 12, 2024 - 8:15 a.m.

CVE-2024-3400

2024-04-12 08:15:06
CWE-20
CWE-77
palo_alto
web.nvd.nist.gov
539
In Wild
232
Tags: cve-2024-3400, globalprotect, palo alto networks, pan-os, command injection, vulnerability, root privileges, firewall, security, fix, development, release, cloud ngfw, panorama appliances, prisma access, nvd

CVSS3: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.8
Confidence: High

EPSS: 0.965
Percentile: 99.6%

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Affected configurations

Nvd
Vulners
Vulnrichment
Node (paloaltonetworks pan-os, matching any of the following; each line gives the version followed by its CPE update values, where "-" is the entry with no hotfix suffix):

10.2.0: -, h1, h2, h3
10.2.1: -, h1, h2
10.2.2: -, h1, h2, h4, h5
10.2.3: -, h11, h12, h13, h2, h4, h9
10.2.4: -, h10, h16, h2, h3, h4
10.2.5: -, h1, h4, h6
10.2.6: -, h1, h3
10.2.7: -, h1, h3, h6, h8
10.2.8: -, h3
10.2.9: -, h1
11.0.0: -, h1, h2, h3
11.0.1: -, h2, h3, h4
11.0.2: -, h1, h2, h3, h4
11.0.3: -, h1, h10, h3, h5
11.0.4: -, h1
11.1.0: -, h1, h2, h3
11.1.1: -, h1
11.1.2: -, h1, h3

Vendor            Product  Version  CPE
paloaltonetworks  pan-os   10.2.0   cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.0   cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.0   cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.0   cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.1   cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.1   cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.1   cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.2   cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.2   cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*
paloaltonetworks  pan-os   10.2.2   cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*

Rows 1-10 of 701

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "9.0.0"
      },
      {
        "status": "unaffected",
        "version": "9.1.0"
      },
      {
        "status": "unaffected",
        "version": "10.0.0"
      },
      {
        "status": "unaffected",
        "version": "10.1.0"
      },
      {
        "changes": [
          {
            "at": "10.2.9-h1",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.2.9-h1",
        "status": "affected",
        "version": "10.2.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "11.0.4-h1",
            "status": "unaffected"
          }
        ],
        "lessThan": "11.0.4-h1",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "11.1.2-h3",
            "status": "unaffected"
          }
        ],
        "lessThan": "11.1.2-h3",
        "status": "affected",
        "version": "11.1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud NGFW",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  }
]
