CVE-2024-3400

Summary

CVE-2024-3400 is a critical command injection vulnerability affecting specific versions and configurations of Palo Alto Networks PAN-OS software's GlobalProtect feature. An unauthenticated attacker can exploit an arbitrary file creation vulnerability to inject and execute arbitrary commands with root privileges on the firewall. However, this vulnerability does not impact Cloud NGFW, Panorama appliances, or Prisma Access.

Details

Published: 12 Apr 2024
Updated: 29 May 2024
CWE ID: 77
CWE ID: 20

Affected Products

PAN-OS

Affected Vendors

Palo Alto Networks Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vUxIZ9
https://www.cve.org/CVERecord?id=CVE-2024-3400
https://nvd.nist.gov/vuln/detail/CVE-2024-3400

Summary

Details

Affected Products

Affected Vendors

Advisories, Assessments, and Mitigations

This page is used by Marketo Forms 2 to proxy cross domain AJAX requests.