Vulnerability Analysis
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

CVE-2024-3400

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

CISA KEV Nuclei Template
CVSS Base Score: 10.0 (CRITICAL)
Exploitability: 3.9
Impact Score: 6.1
Temporal Score: -
EPSS: 100.00%

Threat Intelligence Signals

CISA KEV: YES
KEV Date Added: 2024-04-12
Ransomware Use: Known
KEV Due Date: 2024-04-19
VulnCheck In-the-Wild: No
Nuclei Template: YES
EPSS Score: 99.999%
EPSS Percentile: 100.0th pct
GitHub Severity: CRITICAL

Identity & Timeline

Status: -
Assigning Authority: -
CVSS Version / Source: -
Reserved: -
Published: -
Patch Date (date_public): -
Exploit DB Date: -
First GitHub PoC Date: -
Last Updated: -
Time to Patch (Days to fix): -
Exploit Release Gap: -
PoC Release Gap: -
Exploit DB References: None identified

Affected Products & Versions

Vendor | Product | Affected Versions
No affected products specified.

References

No reference links found.
