vulnerability
Palo Alto Networks PAN-OS: CVE-2024-3400: PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 04/12/2024 | 04/12/2024 | 04/15/2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
04/12/2024
Added
04/12/2024
Modified
04/15/2025
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Customers should continue to monitor this security advisory for the latest updates and product guidance.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Customers should continue to monitor this security advisory for the latest updates and product guidance.
Solution
palo-alto-networks-pan-os-cve-2024-3400-solution
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.