Skip to main content

Palo Alto Products Remote Code Execution Vulnerability

Last Update Date: 22 Apr 2024 Release Date: 15 Apr 2024 5378 Views

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note: CVE-2024-3400 affected GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

 

[Updated on 2024-04-15 11:56] 

Updated solutions as Palo Alto Networks has released hotfix.

 

[Updated on 2024-04-17] 

Updated System / Technologies affected

 

[Updated on 2024-04-18] 

Updated System / Technologies affected

 

[Updated on 2024-04-19] 

Updated System / Technologies affected
 

[Updated on 2024-04-22] 

Updated System / Technologies affected


Impact

  • Remote Code Execution

System / Technologies affected

  • PAN-OS 11.1 versions earlier than 11.1.2-h3
  • PAN-OS 11.1 versions earlier than 11.1.1-h1
  • PAN-OS 11.1 versions earlier than 11.1.0-h3
  • PAN-OS 11.0 versions earlier than 11.0.4-h1
  • PAN-OS 11.0 versions earlier than 11.0.3-h10
  • PAN-OS 11.0 versions earlier than 11.0.2-h4
  • PAN-OS 11.0 versions earlier than 11.0.1-h4
  • PAN-OS 11.0 versions earlier than 11.0.0-h3
  • PAN-OS 10.2 versions earlier than 10.2.9-h1
  • PAN-OS 10.2 versions earlier than 10.2.8-h3
  • PAN-OS 10.2 versions earlier than 10.2.7-h8
  • PAN-OS 10.2 versions earlier than 10.2.6-h3
  • PAN-OS 10.2 versions earlier than 10.2.5-h6
  • PAN-OS 10.2 versions earlier than 10.2.4-h16
  • PAN-OS 10.2 versions earlier than 10.2.3-h13
  • PAN-OS 10.2 versions earlier than 10.2.2-h5
  • PAN-OS 10.2 versions earlier than 10.2.1-h2
  • PAN-OS 10.2 versions earlier than 10.2.0-h3
 

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 


Vulnerability Identifier


Source


Related Link