CVE-2024-3400
CRITICAL severity · CVSS 10 · Improper input validation · actively exploited (CISA KEV)
10CVSS CRITICAL ● exploited ⚠ ransomware
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
⚠ Known use in ransomware campaigns. Added to KEV 2024-04-12. US federal agencies must patch by 2024-04-19.
Summary
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)94%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://security.paloaltonetworks.com/CVE-2024-3400Advisory
- https://unit42.paloaltonetworks.com/cve-2024-3400/Advisory
- https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/Advisory
- https://security.paloaltonetworks.com/CVE-2024-3400Advisory
- https://unit42.paloaltonetworks.com/cve-2024-3400/Advisory
- https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/Advisory
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/Advisory
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/Advisory