Vulnerability Analysis
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
CVE-2024-3400
A command injection vulnerability resulting from arbitrary file creation in the GlobalProtect feature of Palo Alto Networks PAN-OS software, for specific PAN-OS versions and distinct feature configurations, may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
| Metric | Value |
|---|---|
| CVSS Base Score | 10.0 CRITICAL |
| Exploitability | 3.9 |
| Impact Score | 6.1 |
| Temporal Score | - |
| EPSS | 100.00% |
Threat Intelligence Signals
| Signal | Value |
|---|---|
| CISA KEV | YES |
| KEV Date Added | 2024-04-12 |
| Ransomware Use | Known |
| KEV Due Date | 2024-04-19 |
| VulnCheck In-the-Wild | No |
| Nuclei Template | YES |
| EPSS Score | 99.999% |
| EPSS Percentile | 100.0th pct |
| GHSA ID | |
| GitHub Severity | CRITICAL |
Identity & Timeline
| Field | Value |
|---|---|
| Status | - |
| Assigning Authority | - |
| CVSS Version / Source | - |
| Reserved | - |
| Published | - |
| Patch Date (date_public) | - |
| Exploit DB Date | - |
| First GitHub PoC Date | - |
| Last Updated | - |
| Time to Patch (Days to fix) | - |
| Exploit Release Gap | - |
| PoC Release Gap | - |
| Exploit DB References | None identified |
Affected Products & Versions
| Vendor | Product | Affected Versions |
|---|---|---|
| No affected products specified. | | |