Vulnerability Details:

CVE-2024-3400

Summary
Assigner: palo_alto
Assigner Org ID: d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At: 12 Apr, 2024 | 07:20
Updated At: 30 Jul, 2025 | 01:37

Palo Alto Networks PAN-OS Command Injection Vulnerability

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor: Palo Alto Networks, Inc. (Palo Alto Networks)
Product: PAN-OS
Added At: 12 Apr, 2024
Due At: 19 Apr, 2024

Palo Alto Networks PAN-OS Command Injection Vulnerability

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

Used in Ransomware: Known

CWE: CWE-20, CWE-77

Required Action:

Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.

Additional Notes:

https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400
Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: palo_alto
Assigner Org ID: d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At: 12 Apr, 2024 | 07:20
Updated At: 30 Jul, 2025 | 01:37
CVE Numbering Authority (CNA)
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Affected Products
Vendor: Palo Alto Networks, Inc. (Palo Alto Networks)
Product: PAN-OS
Default Status: unaffected
Versions
Affected
  • From 10.2.0 before 10.2.9-h1 (custom)
    • -> unaffected from 10.2.9-h1
  • From 11.0.0 before 11.0.4-h1 (custom)
    • -> unaffected from 11.0.4-h1
  • From 11.1.0 before 11.1.2-h3 (custom)
    • -> unaffected from 11.1.2-h3
Unaffected
  • 9.0.0
  • 9.1.0
  • 10.0.0
  • 10.1.0
Vendor: Palo Alto Networks, Inc. (Palo Alto Networks)
Product: Cloud NGFW
Default Status: unaffected
Versions
Unaffected
  • All
Vendor: Palo Alto Networks, Inc. (Palo Alto Networks)
Product: Prisma Access
Default Status: unaffected
Versions
Unaffected
  • All
Problem Types
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Impacts
CAPEC ID: CAPEC-248
Description: CAPEC-248 Command Injection
Solutions

We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied. This issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Customers who upgrade to these versions will be fully protected.

Configurations

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability. You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

Workarounds

Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400. To apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 for more information.

Exploits

Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proofs of concept for this vulnerability have been publicly disclosed by third parties. More information about the vulnerability's exploitation in the wild can be found in the Unit 42 threat brief (https://unit42.paloaltonetworks.com/cve-2024-3400/) and the Palo Alto Networks PSIRT blog post (https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/).

Credits

finder
Palo Alto Networks thanks Volexity for detecting and identifying this issue.
remediation verifier
Capability Development Group at Bishop Fox for helping us verify the fixes and improve threat prevention signatures.
Timeline
Event: Initial publication
Date: 2024-04-12 06:55:00
References
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-3400
Resource:
vendor-advisory
Hyperlink: https://unit42.paloaltonetworks.com/cve-2024-3400/
Resource:
technical-description
Hyperlink: https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
Resource:
technical-description
Hyperlink: https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
Resource:
technical-description
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor: Palo Alto Networks, Inc. (paloaltonetworks)
Product: pan-os
CPEs
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*
Default Status: unknown
Versions
Affected
  • From 10.2.0 before 10.2.9-h1 (custom)
Vendor: Palo Alto Networks, Inc. (paloaltonetworks)
Product: pan-os
CPEs
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*
Default Status: unknown
Versions
Affected
  • From 11.0.0 before 11.0.4-h1 (custom)
Vendor: Palo Alto Networks, Inc. (paloaltonetworks)
Product: pan-os
CPEs
  • cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*
Default Status: unknown
Versions
Affected
  • From 11.1.0 before 11.1.2-h3 (custom)
Metrics Other Info
kev
dateAdded: 2024-04-12
reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3400
Timeline
Event: CVE-2024-3400 added to CISA KEV
Date: 2024-04-12 00:00:00
2. CVE Program Container
References
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-3400
Resource:
vendor-advisory
x_transferred
Hyperlink: https://unit42.paloaltonetworks.com/cve-2024-3400/
Resource:
technical-description
x_transferred
Hyperlink: https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
Resource:
technical-description
x_transferred
Hyperlink: https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
Resource:
technical-description
x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: psirt@paloaltonetworks.com
Published At: 12 Apr, 2024 | 08:15
Updated At: 29 Nov, 2024 | 16:47

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

CISA Catalog
Date Added: 2024-04-12
Due Date: 2024-04-19
Vulnerability Name: Palo Alto Networks PAN-OS Command Injection Vulnerability
Required Action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
Metrics
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses
CWE ID: CWE-20
Type: Secondary
Source: psirt@paloaltonetworks.com
CWE ID: CWE-77
Type: Secondary
Source: psirt@paloaltonetworks.com
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-3400
Source: psirt@paloaltonetworks.com
Resource:
Vendor Advisory
Hyperlink: https://unit42.paloaltonetworks.com/cve-2024-3400/
Source: psirt@paloaltonetworks.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
Source: psirt@paloaltonetworks.com
Resource:
Technical Description
Vendor Advisory
Hyperlink: https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
Source: psirt@paloaltonetworks.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-3400
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://unit42.paloaltonetworks.com/cve-2024-3400/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Vendor Advisory
Hyperlink: https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Technical Description
Vendor Advisory
Hyperlink: https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory


Similar CVEs

67 Records found

CVE-2021-21321
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10 | CRITICAL
EPSS-0.45% / 62.78%
7 Day CHG~0.00%
Published-02 Mar, 2021 | 03:35
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prefix escape

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expects that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2.

Action-Not Available
Vendor-fastify-reply-from_projectfastify
Product-fastify-reply-fromfastify-reply-from
CWE ID-CWE-20
Improper Input Validation
CVE-2023-42802
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10 | CRITICAL
EPSS-3.01% / 86.07%
7 Day CHG~0.00%
Published-02 Nov, 2023 | 13:32
Updated-05 Sep, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server.

Action-Not Available
Vendor-GLPI Project
Product-glpiglpi
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-6962
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10 | CRITICAL
EPSS-0.19% / 41.26%
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:07
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mas700clinical_information_center_mp100dclinical_information_center_mp100d_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_b850_monitor_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwarecarescape_b450_monitorcarescape_b650_monitorapexpro_telemetry_server_firmwarecarescape_central_station_mai700_firmwarecarescape_central_station_mai700apexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100r_firmwarecarescape_b450_monitor_firmwarecarescape_b650_monitor_firmwarecarescape_b850_monitorGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16462
Matching Score-4
Assigner-HackerOne
CVSS Score-10 | CRITICAL
EPSS-2.30% / 84.08%
7 Day CHG~0.00%
Published-30 Oct, 2018 | 21:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

Action-Not Available
Vendor-apex-publish-static-files_projectn/a
Product-apex-publish-static-filesapex-publish-static-files
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-6963
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10 | CRITICAL
EPSS-0.21% / 43.08%
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:31
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mai700_firmwarecarescape_central_station_mas700carescape_central_station_mai700clinical_information_center_mp100dapexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100d_firmwareclinical_information_center_mp100r_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwareapexpro_telemetry_server_firmwareGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-20
Improper Input Validation
CVE-2023-41917
Matching Score-4
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-10 | CRITICAL
EPSS-1.86% / 82.29%
7 Day CHG~0.00%
Published-02 Jul, 2024 | 07:41
Updated-02 Aug, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in Kiloview P1/P2 devices allows for remote code execution

Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution.

Action-Not Available
Vendor-Kiloviewkiloview
Product-P1/P2p2_4g_video_encoder_firmwarep1_4g_video_encoder_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28100
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10 | CRITICAL
EPSS-0.69% / 70.88%
7 Day CHG+0.20%
Published-16 Mar, 2023 | 15:51
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIOCLINUX can send commands outside sandbox if running on a virtual console

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.

Action-Not Available
Vendor-flatpakflatpak
Product-flatpakflatpak
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11708
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-10 | CRITICAL
EPSS-53.99% / 97.92%
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:20
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV | Action Due Date - 2022-06-13 | Apply updates per vendor instructions.

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdfirefoxThunderbirdFirefoxFirefox ESRFirefox and Thunderbird
CWE ID-CWE-20
Improper Input Validation
CVE-2024-48841
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-10 | CRITICAL
EPSS-2.83% / 85.64%
7 Day CHG+0.72%
Published-27 Jan, 2025 | 19:25
Updated-14 Feb, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution (RCE) Vulnerabilities

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

Action-Not Available
Vendor-ABB
Product-FLXEON
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45630
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10 | CRITICAL
EPSS-2.18% / 83.69%
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:32
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwarerbs750_firmwarecbr750rbs850_firmwarerbr850rbr750_firmwarecbr750_firmwarecbr40rbs850rbk752_firmwarerbk752rbr750rbs750rbk852_firmwarerbk852rbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2017-7876
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-11.85% / 93.47%
7 Day CHG~0.00%
Published-15 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.

Action-Not Available
Vendor-n/a; QNAP Systems, Inc.
Product-qts; n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-22476
Matching Score-4
Assigner-Intel Corporation
CVSS Score-10||CRITICAL
EPSS-62.36% / 98.30%
7 Day CHG+0.15%
Published-16 May, 2024 | 20:46
Updated-01 Aug, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

Action-Not Available
Vendor-n/a; Intel Corporation
Product-Intel(R) Neural Compressor software; neural_compressor_software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26728
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-10||CRITICAL
EPSS-0.64% / 69.56%
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerinc; Lanner Inc
Product-iac-ast2500a_firmware; iac-ast2500a; IAC-AST2500A
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-45066
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.44% / 62.38%
7 Day CHG~0.00%
Published-24 Sep, 2024 | 23:51
Updated-01 Oct, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.

Action-Not Available
Vendor-doverfuelingsolutions; Dover Fueling Solutions (DFS); doverfuelingsolutions
Product-progauge_maglink_lx4_console; progauge_maglink_lx_console_firmware; progauge_maglink_lx_console; progauge_maglink_lx4_console_firmware; ProGauge MAGLINK LX CONSOLE; ProGauge MAGLINK LX4 CONSOLE; maglink_lx4_console; maglink_lx_console
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-43693
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.44% / 62.38%
7 Day CHG~0.00%
Published-24 Sep, 2024 | 23:50
Updated-01 Oct, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.

Action-Not Available
Vendor-doverfuelingsolutions; Dover Fueling Solutions (DFS); doverfuelingsolutions
Product-progauge_maglink_lx4_console; progauge_maglink_lx_console_firmware; progauge_maglink_lx_console; progauge_maglink_lx4_console_firmware; ProGauge MAGLINK LX CONSOLE; ProGauge MAGLINK LX4 CONSOLE; maglink_lx4_console; maglink_lx_console
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-4196
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-10||CRITICAL
EPSS-0.84% / 73.78%
7 Day CHG~0.00%
Published-25 Jun, 2024 | 04:00
Updated-21 Jan, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.

Action-Not Available
Vendor-Avaya LLC
Product-ip_office; IP Office; ip_office
CWE ID-CWE-20
Improper Input Validation
CVE-2024-29895
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-92.81% / 99.75%
7 Day CHG~0.00%
Published-13 May, 2024 | 14:33
Updated-02 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cacti command injection in cmd_realtime.php

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled via the URL when `register_argc_argv` is `On`. This option is `On` by default in many environments, such as the main PHP Docker image. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.

Action-Not Available
Vendor-The Cacti Group, Inc.
Product-cacti; cacti
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')