CVE-2024-3400

Published Apr 12, 2024

Last updated 2 months ago

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

This serious vulnerability affects a number of Palo Alto GlobalProtect devices that use device analytics. A number of organizations have observed active exploitation of this vulnerability.

More information is available in our blog post here.

Overview

Description: A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Palo Alto Networks PAN-OS Command Injection Vulnerability
Exploit added on: Apr 12, 2024
Exploit action due: Apr 19, 2024
Required action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.

Weaknesses

psirt@paloaltonetworks.com: CWE-20
nvd@nist.gov: CWE-77

Social media

Hype score: Not currently trending

  1. On April 18, 2024, a critical vulnerability (CVE-2024-3400) in Palo Alto’s GlobalProtect products was actively exploited, leading to data breaches in organizations worldwide. This incident underscores the urgent need for robust online security measures. A VPN encrypts your… http

    @KristianSa45904

    14 Jan 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

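  2. 2024 is almost over, so here is a brief summary. 1. Work and study: (1) I updated or recorded nearly 60 notes in Obsidian, but only updated the blog with 5 posts. (2) On vulnerability hunting and vulnerability analysis, I analyzed most of the year's higher-profile security appliance vulnerabilities and security incidents, such as CVE-2024-21762, CVE-2024-3400… https://t.co/AJk1Q80OSc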

    @bestswngs

    31 Dec 2024

    1368 Impressions

    0 Retweets

    21 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  3. Continuing with the Sec Analyst Path on the @LetsDefendIO platform, we tackle an alert for a "Palo Alto Networks PAN-OS Command Injection Vulnerability Exploitation (CVE-2024-3400)". Was this simply a false positive or possibly something more malicious? https://t.co/etxteF6h6l

    @InfoSec_Bret

    28 Dec 2024

    65 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

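  4. My personal top 3 exploited vulnerabilities of 2024. ・Multiple vulnerabilities in Ivanti Connect Secure (CVE-2023-46805 and others) ・The PAN-OS vulnerability (CVE-2024-3400) ・The FortiManager vulnerability (CVE-2024-47575) All of them were disclosed after already being exploited, so along with patching one should first investigate whether a compromise occurred, but many organizations did not do so and have not noticed that they were compromised.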

    @Sec_S_Owl

    19 Dec 2024

    1377 Impressions

    1 Retweet

    25 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  5. Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indi... https://t.co/SoysHCWBb6

    @pedri77

    12 Dec 2024

    343 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Top 5 Trending CVEs: 1 - CVE-2024-38144 2 - CVE-2024-6387 3 - CVE-2020-14938 4 - CVE-2024-7970 5 - CVE-2024-3400 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Dec 2024

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2024-35286 2 - CVE-2024-3400 3 - CVE-2024-40834 4 - CVE-2024-43451 5 - CVE-2024-8636 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    7 Dec 2024

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critic... https://t.co/lWbwEbA6cF

    @pedri77

    5 Dec 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Threat actors exploit GlobalProtect (CVE-2024-3400) to deliver the Sliver C2 malware (up.js) by leveraging the compromised VICIdial server, threat actor likely exploited the (CVE-2024-8504) to store their payloads on legitimate server (104.131.69[.]106/vicidial/up.js). https://t

    @WhichbufferArda

    5 Dec 2024

    8385 Impressions

    30 Retweets

    108 Likes

    43 Bookmarks

    3 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    23 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    20 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. RedTail-related notes (Demae-can incident) RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit https://t.co/ErkyV1jm8W CVE-2024-4577 Exploits in the Wild One Day After Disclosure https://t.co/XHZOoQFamF

    @taku888infinity

    30 Oct 2024

    1473 Impressions

    7 Retweets

    15 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2024-3400

    @transilienceai

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations