CISA KEV 정보
| 취약점명 | Palo Alto Networks PAN-OS Command Injection Vulnerability |
|---|---|
| 설명 | Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall. |
| 조치사항 | Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule. |
| 랜섬웨어 캠페인 악용 | Known |
| CWE | CWE-20 | CWE-77 |
| 등록일 (KEV) | 2024-04-12 |
| 조치 기한 | 2024-04-19 |
| 추가 참고 | https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400 |
NVD 상세 정보
CVSS v3.1: 10.0 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H설명: A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
CWE: CWE-20 | CWE-77 | CWE-77
참조
- https://security.paloaltonetworks.com/CVE-2024-3400 [Vendor Advisory]
- https://unit42.paloaltonetworks.com/cve-2024-3400/ [Exploit, Vendor Advisory]
- https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/ [Technical Description, Vendor Advisory]
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ [Exploit, Third Party Advisory]
- https://security.paloaltonetworks.com/CVE-2024-3400 [Vendor Advisory]
- https://unit42.paloaltonetworks.com/cve-2024-3400/ [Exploit, Vendor Advisory]
- https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/ [Technical Description, Vendor Advisory]
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ [Exploit, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3400 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.