CVE-2024-3400
CRITICAL | CISA KEV | 10.0
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
CVE details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/12/2024
Last modified: 11/4/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Palo Alto Networks
Product: PAN-OS
Vulnerability name: Palo Alto Networks PAN-OS Command Injection Vulnerability
Date added to KEV: 2024-04-12
Remediation due date: 2024-04-19
Ransomware use: Known
Affected products
paloaltonetworks:pan-os
Weaknesses (CWE)
CWE-20, CWE-77
References
https://security.paloaltonetworks.com/CVE-2024-3400 (psirt@paloaltonetworks.com)
https://unit42.paloaltonetworks.com/cve-2024-3400/ (psirt@paloaltonetworks.com)
https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/ (psirt@paloaltonetworks.com)
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ (psirt@paloaltonetworks.com)
https://security.paloaltonetworks.com/CVE-2024-3400 (af854a3a-2127-422b-91ae-364da2661108)
https://unit42.paloaltonetworks.com/cve-2024-3400/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3400 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.