CVE ID
CVE-2024-3400
Vulnerability Name
Palo Alto Networks PAN-OS Command Injection Vulnerability
- Project: Palo Alto Networks
- Product: PAN-OS
Date
- Date Added: 2024-04-12
- Due Date: 2024-04-19
Description
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
Additional Notes
https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400
Related Security News
- Chinese hackers breached National Guard to steal network configurations
- Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors
- RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally
- Over 2,000 Palo Alto firewalls hacked using recently patched bugs
- Cisco bug lets hackers run commands as root on UWRB access points
- U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks
- Iranian hackers work with ransomware gangs to extort breached orgs
- Focus on What Matters Most: Exposure Management and Your Attack Surface
- TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
- CISA urges devs to weed out OS command injection vulnerabilities
Top comments (0)