vulnerability
Palo Alto Networks PAN-OS: CVE-2024-3400: PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 12, 2024 | Apr 12, 2024 | May 13, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Apr 12, 2024
Added
Apr 12, 2024
Modified
May 13, 2025
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Customers should continue to monitor this security advisory for the latest updates and product guidance.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Customers should continue to monitor this security advisory for the latest updates and product guidance.
Solution
palo-alto-networks-pan-os-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.