CVE-2024-3400 – A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks …

12 April 2024

Vuln ID: CVE-2024-3400

Published: 2024-04-12 08:15:06.230

Description: A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.

Base Score: 9.8 – CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

12 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Restore Damaged Files & Save Your Business for Only $5017 May 2024
Santander Data Breach: Hackers Accessed Company Database17 May 2024
Kroll expands its document review capabilities to accelerate incident response17 May 2024
CISA Warns of Actively Exploited D-Link Router Vulnerabilities – Patch Now17 May 2024
U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers17 May 2024