Palo Alto Products Remote Code Execution Vulnerability
RISK: Extremely High Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.
Note: CVE-2024-3400 affected GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
[Updated on 2024-04-15 11:56]
Updated solutions as Palo Alto Networks has released hotfix.
[Updated on 2024-04-17]
Updated System / Technologies affected
[Updated on 2024-04-18]
Updated System / Technologies affected
[Updated on 2024-04-19]
Updated System / Technologies affected
[Updated on 2024-04-22]
Updated System / Technologies affected
Impact
- Remote Code Execution
System / Technologies affected
- PAN-OS 11.1 versions earlier than 11.1.2-h3
- PAN-OS 11.1 versions earlier than 11.1.1-h1
- PAN-OS 11.1 versions earlier than 11.1.0-h3
- PAN-OS 11.0 versions earlier than 11.0.4-h1
- PAN-OS 11.0 versions earlier than 11.0.3-h10
- PAN-OS 11.0 versions earlier than 11.0.2-h4
- PAN-OS 11.0 versions earlier than 11.0.1-h4
- PAN-OS 11.0 versions earlier than 11.0.0-h3
- PAN-OS 10.2 versions earlier than 10.2.9-h1
- PAN-OS 10.2 versions earlier than 10.2.8-h3
- PAN-OS 10.2 versions earlier than 10.2.7-h8
- PAN-OS 10.2 versions earlier than 10.2.6-h3
- PAN-OS 10.2 versions earlier than 10.2.5-h6
- PAN-OS 10.2 versions earlier than 10.2.4-h16
- PAN-OS 10.2 versions earlier than 10.2.3-h13
- PAN-OS 10.2 versions earlier than 10.2.2-h5
- PAN-OS 10.2 versions earlier than 10.2.1-h2
- PAN-OS 10.2 versions earlier than 10.2.0-h3
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://security.paloaltonetworks.com/CVE-2024-3400
Vulnerability Identifier
Source
Related Link
Share with