CVE-2024-3400
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | 9.0.0 | unaffected |
| Palo Alto Networks | PAN-OS | 9.1.0 | unaffected |
| Palo Alto Networks | PAN-OS | 10.0.0 | unaffected |
| Palo Alto Networks | PAN-OS | 10.1.0 | unaffected |
| Palo Alto Networks | PAN-OS | 10.2.0 < 10.2.9-h1 | affected |
| Palo Alto Networks | PAN-OS | 11.0.0 < 11.0.4-h1 | affected |
| Palo Alto Networks | PAN-OS | 11.1.0 < 11.1.2-h3 | affected |
| Palo Alto Networks | Cloud NGFW | All | unaffected |
| Palo Alto Networks | Prisma Access | All | unaffected |
Weaknesses
- CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-20: CWE-20 Improper Input Validation
Workarounds
Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.
To apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 for more information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
CVE Program Container
Additional References
- https://security.paloaltonetworks.com/CVE-2024-3400
- https://unit42.paloaltonetworks.com/cve-2024-3400/
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
- https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
References
- https://security.paloaltonetworks.com/CVE-2024-3400
- https://unit42.paloaltonetworks.com/cve-2024-3400/
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
- https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.