CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-3400

CVSS 10.0v3.1pub. 2024-04-12upd. 2025-11-04

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

🤖 AI Analysis
How it works

The vulnerability results from a combination of arbitrary file creation capability with a command injection flaw (CWE-77) in the GlobalProtect component. An attacker, without any authentication, can craft a network request that results in the creation of a malicious file on the system, followed by execution of embedded system commands with root privileges. The vulnerability affects specific versions of PAN-OS and particular GlobalProtect feature configurations.

Impact

The attacker gains full control over the firewall device with root privileges, enabling configuration reading and modification, network traffic interception, lateral movement to the internal network, and permanent compromise of the security infrastructure.

Mitigation & patch

Security patches available from the vendor must be applied immediately in accordance with references published at https://security.paloaltonetworks.com/CVE-2024-3400. Until updates are deployed, it is recommended to verify GlobalProtect configuration and monitor devices for signs of compromise.

Who is affected

Palo Alto Networks PAN-OS — specific versions with active GlobalProtect functionality. The vulnerability does NOT affect Cloud NGFW, Panorama devices, or Prisma Access. Detailed version lists are available in vendor references (security.paloaltonetworks.com/CVE-2024-3400).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Palo Alto Networks PAN-OS

    OS
    Paloaltonetworks
    10.2.010.2.110.2.210.2.310.2.410.2.510.2.610.2.710.2.810.2.911.0.011.0.111.0.211.0.311.0.4+ 3 więcej

CISA KEV — detailsi

Vendori
Palo Alto Networks
Producti
PAN-OS
Added to KEVi
April 12, 2024
Remediation deadline (US Federal)i
April 19, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.

CISA descriptioni

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 19 kwietnia 2024
Tags
RCEAuth BypassFirewallVPN
CWE
References

Related vulnerabilities

CVE-2026-0300CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal

CVE-2024-0012CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Authentication bypass w PAN-OS umożliwiający przejęcie uprawnień administratora

CVE-2020-2021CRITICAL10.0⚠ KEVten sam produkt

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider C...

CVE-2017-15944CRITICAL9.8⚠ KEVten sam produkt

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allo...

CVE-2021-3064CRITICAL9.8ten sam produkt

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces tha...