CVE-2024-3400

NVD Published Date: April 12, 2024 at 08:15 AM
NVD Last Modified: May 29, 2024 at 04:00 PM
Vulnerability ID
CVE-2024-3400
Severity
CRITICAL
Severity Score
10.0
Summary
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Mitigation and Patches
-
Exploits

https://www.exploit-db.com/exploits/51996

https://github.com/h4x0r-dz/CVE-2024-3400

https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan

https://github.com/0x0d3ad/CVE-2024-3400

https://github.com/ihebski/CVE-2024-3400

https://github.com/momika233/CVE-2024-3400

https://github.com/Chocapikk/CVE-2024-3400

https://github.com/Yuvvi01/CVE-2024-3400

https://github.com/ak1t4/CVE-2024-3400

https://github.com/AdaniKamal/CVE-2024-3400

https://github.com/zam89/CVE-2024-3400-pot

https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection

https://github.com/schooldropout1337/CVE-2024-3400

https://unit42.paloaltonetworks.com/cve-2024-3400/

https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_telemetry_cmd_exec.rb

https://github.com/W01fh4cker/CVE-2024-3400-RCE

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400

Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE ID
CWE-77
