CVE-2024-3400 - Palo Alto Networks PAN-OS Command Injection Vulnerability

CVE-2024-3400: Palo Alto Networks | PAN-OS

Date Added:
2024-04-12

Due Date:
2024-04-19

Vulnerability Name: Palo Alto Networks PAN-OS Command Injection Vulnerability

Description: Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.

Additional Notes: https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400

Related News Articles

Cisco bug lets hackers run commands as root on UWRB access pointsNovember 7, 2024

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware AttacksAugust 29, 2024

Iranian hackers work with ransomware gangs to extort breached orgsAugust 29, 2024

Focus on What Matters Most: Exposure Management and Your Attack SurfaceAugust 23, 2024

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread AttacksJuly 18, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard