CVE-2024-3400

Summary

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS9.0.0unaffected
Palo Alto NetworksPAN-OS9.1.0unaffected
Palo Alto NetworksPAN-OS10.0.0unaffected
Palo Alto NetworksPAN-OS10.1.0unaffected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.9-h1affected
Palo Alto NetworksPAN-OS11.0.0 < 11.0.4-h1affected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.2-h3affected
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.

To apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References