Lucene search
HistoryApr 12, 2024 - 8:15 a.m.
CVE-2024-3400
cve-2024-3400
firewall
command injection
globalprotect
palo alto networks
pan-os
arbitrary file creation
root privileges
unauthenticated attacker
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.957 High
EPSS
Percentile
99.4%
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Affected configurations
Node
paloaltonetworkspan-osMatch10.2.0-
ORpaloaltonetworkspan-osMatch10.2.0h1
ORpaloaltonetworkspan-osMatch10.2.0h2
ORpaloaltonetworkspan-osMatch10.2.0h3
ORpaloaltonetworkspan-osMatch10.2.1-
ORpaloaltonetworkspan-osMatch10.2.1h1
ORpaloaltonetworkspan-osMatch10.2.1h2
ORpaloaltonetworkspan-osMatch10.2.2-
ORpaloaltonetworkspan-osMatch10.2.2h1
ORpaloaltonetworkspan-osMatch10.2.2h2
ORpaloaltonetworkspan-osMatch10.2.2h4
ORpaloaltonetworkspan-osMatch10.2.2h5
ORpaloaltonetworkspan-osMatch10.2.3-
ORpaloaltonetworkspan-osMatch10.2.3h11
ORpaloaltonetworkspan-osMatch10.2.3h12
ORpaloaltonetworkspan-osMatch10.2.3h13
ORpaloaltonetworkspan-osMatch10.2.3h2
ORpaloaltonetworkspan-osMatch10.2.3h4
ORpaloaltonetworkspan-osMatch10.2.3h9
ORpaloaltonetworkspan-osMatch10.2.4-
ORpaloaltonetworkspan-osMatch10.2.4h10
ORpaloaltonetworkspan-osMatch10.2.4h16
ORpaloaltonetworkspan-osMatch10.2.4h2
ORpaloaltonetworkspan-osMatch10.2.4h3
ORpaloaltonetworkspan-osMatch10.2.4h4
ORpaloaltonetworkspan-osMatch10.2.5-
ORpaloaltonetworkspan-osMatch10.2.5h1
ORpaloaltonetworkspan-osMatch10.2.5h4
ORpaloaltonetworkspan-osMatch10.2.5h6
ORpaloaltonetworkspan-osMatch10.2.6-
ORpaloaltonetworkspan-osMatch10.2.6h1
ORpaloaltonetworkspan-osMatch10.2.6h3
ORpaloaltonetworkspan-osMatch10.2.7-
ORpaloaltonetworkspan-osMatch10.2.7h1
ORpaloaltonetworkspan-osMatch10.2.7h3
ORpaloaltonetworkspan-osMatch10.2.7h6
ORpaloaltonetworkspan-osMatch10.2.7h8
ORpaloaltonetworkspan-osMatch10.2.8-
ORpaloaltonetworkspan-osMatch10.2.8h3
ORpaloaltonetworkspan-osMatch10.2.9-
ORpaloaltonetworkspan-osMatch10.2.9h1
ORpaloaltonetworkspan-osMatch11.0.0-
ORpaloaltonetworkspan-osMatch11.0.0h1
ORpaloaltonetworkspan-osMatch11.0.0h2
ORpaloaltonetworkspan-osMatch11.0.0h3
ORpaloaltonetworkspan-osMatch11.0.1-
ORpaloaltonetworkspan-osMatch11.0.1h2
ORpaloaltonetworkspan-osMatch11.0.1h3
ORpaloaltonetworkspan-osMatch11.0.1h4
ORpaloaltonetworkspan-osMatch11.0.2-
ORpaloaltonetworkspan-osMatch11.0.2h1
ORpaloaltonetworkspan-osMatch11.0.2h2
ORpaloaltonetworkspan-osMatch11.0.2h3
ORpaloaltonetworkspan-osMatch11.0.2h4
ORpaloaltonetworkspan-osMatch11.0.3-
ORpaloaltonetworkspan-osMatch11.0.3h1
ORpaloaltonetworkspan-osMatch11.0.3h10
ORpaloaltonetworkspan-osMatch11.0.3h3
ORpaloaltonetworkspan-osMatch11.0.3h5
ORpaloaltonetworkspan-osMatch11.0.4-
ORpaloaltonetworkspan-osMatch11.0.4h1
ORpaloaltonetworkspan-osMatch11.1.0-
ORpaloaltonetworkspan-osMatch11.1.0h1
ORpaloaltonetworkspan-osMatch11.1.0h2
ORpaloaltonetworkspan-osMatch11.1.0h3
ORpaloaltonetworkspan-osMatch11.1.1-
ORpaloaltonetworkspan-osMatch11.1.1h1
ORpaloaltonetworkspan-osMatch11.1.2-
ORpaloaltonetworkspan-osMatch11.1.2h1
ORpaloaltonetworkspan-osMatch11.1.2h3
Related
githubexploit
githubexploit
Exploit for Command Injection in Paloaltonetworks Pan-Os
2024-04-17 04:58:42
Exploit for Command Injection in Paloaltonetworks Pan-Os
2024-04-17 16:01:20
Exploit for Command Injection in Paloaltonetworks Pan-Os
2024-04-15 03:28:22
zdt
zdt
Palo Alto OS Command Injection Vulnerability
2024-04-17 00:00:00
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation Exploit
2024-04-21 00:00:00
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit
2024-04-23 00:00:00
thn
thn
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
2024-04-13 08:25:00
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
2024-04-12 08:56:00
packetstorm
packetstorm
Palo Alto OS Command Injection
2024-04-17 00:00:00
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
2024-04-23 00:00:00
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
2024-04-23 00:00:00
wallarmlab
wallarmlab
ics
ics
cvelist
cvelist
akamaiblog
akamaiblog
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit
2024-05-30 14:00:00
rapid7blog
rapid7blog
CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
2024-04-12 12:59:48
Metasploit Weekly Wrap-Up 04/26/24
2024-04-26 19:49:58
metasploit
metasploit
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
2024-04-17 18:52:50
cisa_kev
cisa_kev
Palo Alto Networks PAN-OS Command Injection Vulnerability
2024-04-12 00:00:00
hackread
hackread
attackerkb
attackerkb
CVE-2024-3400
2024-04-12 00:00:00
nessus
nessus
Palo Alto Networks PAN-OS CVE-2024-3400
2024-04-12 00:00:00
paloalto
paloalto
nuclei
nuclei
GlobalProtect - OS Command Injection
2024-04-16 15:37:09
cve
cve
CVE-2024-3400
2024-04-12 08:15:06
exploitdb
exploitdb
trellix
trellix
The Bug Report - April 2024 Edition
2024-04-29 00:00:00
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.957 High
EPSS
Percentile
99.4%
Related for NVD:CVE-2024-3400