/

CVE-2024-3400 Report - Details, Severity, & Advisories

CVE-2024-3400 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3400 is a critical command injection vulnerability found in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected firewall. It impacts specific versions and feature configurations of PAN-OS software, but does not affect Cloud NGFW, Panorama appliances, or Prisma Access. To protect against this vulnerability, it is essential to upgrade to a fixed version of PAN-OS and follow recommended mitigation strategies.

How do I know if I'm affected?

If you're using Palo Alto Networks PAN-OS software, you might be affected by the CVE-2024-3400 vulnerability. This issue impacts specific versions of PAN-OS, particularly PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1, when configured with GlobalProtect gateway or GlobalProtect portal. It's important to note that this vulnerability does not affect cloud firewalls, Panorama appliances, or Prisma Access. To check if you're affected, review your PAN-OS version and configuration settings.

What should I do if I'm affected?

If you're affected by the CVE-2024-3400 vulnerability, immediately upgrade to a fixed version of PAN-OS and apply necessary Threat Prevention signatures. Continually stay up-to-date with threat prevention content packages and follow the guidance provided in the security advisory. Monitor your network for abnormal activity and investigate any unexpected occurrences. Reach out to Palo Alto Networks support if you suspect a compromise.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-3400 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It is named "Palo Alto Networks PAN-OS Command Injection Vulnerability" and was added on April 12, 2024. The due date for required action is April 19, 2024. To mitigate this vulnerability, organizations should apply vendor-provided mitigations or enable specific Threat Prevention IDs if using vulnerable versions of the affected devices.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-77 involves weaknesses like improper neutralization of special elements in a command and CWE-20 improper input validation. It allows attackers to execute arbitrary code on affected firewalls.

For more details

CVE-2024-3400 is a critical vulnerability in Palo Alto Networks PAN-OS software, affecting specific versions and configurations. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2024-3400 Report - Details, Severity, & Advisories

CVE-2024-3400 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3400 is a critical command injection vulnerability found in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected firewall. It impacts specific versions and feature configurations of PAN-OS software, but does not affect Cloud NGFW, Panorama appliances, or Prisma Access. To protect against this vulnerability, it is essential to upgrade to a fixed version of PAN-OS and follow recommended mitigation strategies.

How do I know if I'm affected?

If you're using Palo Alto Networks PAN-OS software, you might be affected by the CVE-2024-3400 vulnerability. This issue impacts specific versions of PAN-OS, particularly PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1, when configured with GlobalProtect gateway or GlobalProtect portal. It's important to note that this vulnerability does not affect cloud firewalls, Panorama appliances, or Prisma Access. To check if you're affected, review your PAN-OS version and configuration settings.

What should I do if I'm affected?

If you're affected by the CVE-2024-3400 vulnerability, immediately upgrade to a fixed version of PAN-OS and apply necessary Threat Prevention signatures. Continually stay up-to-date with threat prevention content packages and follow the guidance provided in the security advisory. Monitor your network for abnormal activity and investigate any unexpected occurrences. Reach out to Palo Alto Networks support if you suspect a compromise.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-3400 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It is named "Palo Alto Networks PAN-OS Command Injection Vulnerability" and was added on April 12, 2024. The due date for required action is April 19, 2024. To mitigate this vulnerability, organizations should apply vendor-provided mitigations or enable specific Threat Prevention IDs if using vulnerable versions of the affected devices.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-77 involves weaknesses like improper neutralization of special elements in a command and CWE-20 improper input validation. It allows attackers to execute arbitrary code on affected firewalls.

For more details

CVE-2024-3400 is a critical vulnerability in Palo Alto Networks PAN-OS software, affecting specific versions and configurations. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2024-3400 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3400 is a critical command injection vulnerability found in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected firewall. It impacts specific versions and feature configurations of PAN-OS software, but does not affect Cloud NGFW, Panorama appliances, or Prisma Access. To protect against this vulnerability, it is essential to upgrade to a fixed version of PAN-OS and follow recommended mitigation strategies.

How do I know if I'm affected?

If you're using Palo Alto Networks PAN-OS software, you might be affected by the CVE-2024-3400 vulnerability. This issue impacts specific versions of PAN-OS, particularly PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1, when configured with GlobalProtect gateway or GlobalProtect portal. It's important to note that this vulnerability does not affect cloud firewalls, Panorama appliances, or Prisma Access. To check if you're affected, review your PAN-OS version and configuration settings.

What should I do if I'm affected?

If you're affected by the CVE-2024-3400 vulnerability, immediately upgrade to a fixed version of PAN-OS and apply necessary Threat Prevention signatures. Continually stay up-to-date with threat prevention content packages and follow the guidance provided in the security advisory. Monitor your network for abnormal activity and investigate any unexpected occurrences. Reach out to Palo Alto Networks support if you suspect a compromise.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-3400 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It is named "Palo Alto Networks PAN-OS Command Injection Vulnerability" and was added on April 12, 2024. The due date for required action is April 19, 2024. To mitigate this vulnerability, organizations should apply vendor-provided mitigations or enable specific Threat Prevention IDs if using vulnerable versions of the affected devices.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-77 involves weaknesses like improper neutralization of special elements in a command and CWE-20 improper input validation. It allows attackers to execute arbitrary code on affected firewalls.

For more details

CVE-2024-3400 is a critical vulnerability in Palo Alto Networks PAN-OS software, affecting specific versions and configurations. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the links below.