CVE-2024-3400 - Palo Alto Networks PAN-OS Command Injection Vulnerability

CVE ID:CVE-2024-3400

Project:Palo Alto Networks

Product:PAN-OS

Date Added:2024-04-12Due Date:2024-04-19

Vulnerability Name

Palo Alto Networks PAN-OS Command Injection Vulnerability

Description

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.

Additional Notes

https://security.paloaltonetworks.com/CVE-2024-3400

https://nvd.nist.gov/vuln/detail/CVE-2024-3400

Related News Articles

RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations GloballyFebruary 14, 2025

Over 2,000 Palo Alto firewalls hacked using recently patched bugsNovember 22, 2024

Cisco bug lets hackers run commands as root on UWRB access pointsNovember 7, 2024

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware AttacksAugust 29, 2024

Iranian hackers work with ransomware gangs to extort breached orgsAugust 29, 2024

Latest Security News

Top CVE List

Common Alerts

HighServer Side Template Injection
LowInsufficient Site Isolation Against Spectre Vulnerability
MediumHidden File Found
InformationalCross Site Scripting (Persistent) - Spider
MediumJava Serialization Object
LowCookie with SameSite Attribute None
HighSource Code Disclosure - /WEB-INF Folder
HighAccess Control Issue - Improper Authorization
MediumHTTP Parameter Override
InformationalUser Controllable Charset

Top CWE List