Intrusion PreventionPalo.Alto.Networks.GlobalProtect.Command.Injection
Description
This indicates an attack attempt to exploit a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS.
The vulnerability is due to an error in the GlobalProtect when handling a maliciously crafted request. An unauthenticated remote attacker may be able to exploit this to execute arbitrary code with root privileges on the firewall.
Outbreak Alert
The attack on PAN-OS GlobalProtect devices identified as CVE-2024-3400 allows a malicious actor to remotely exploit an unauthenticated command injection vulnerability that leads to remote code execution. Once established, the attacker can further collect configurations, deliver malware payloads and move laterally and internally.
Affected Products
PAN-OS 11.1 versions earlier than PAN-OS 11.1.2-h3
PAN-OS 11.0 versions earlier than PAN-OS 11.0.4-h1
PAN-OS 10.2 versions earlier than PAN-OS 10.2.9-h1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://security.paloaltonetworks.com/CVE-2024-3400
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-05-01 | 27.778 | Sig Added |
| 2024-04-24 | 27.774 | Sig Added |
| 2024-04-17 | 27.770 | Default_action:pass:drop |
| 2024-04-15 | 27.768 |
| ID | 55555 |
| Created | Apr 14, 2024 |
| Updated | May 01, 2024 |
| Outbreak Alert | PAN-OS GlobalProtect Attack |
| Risk |
|
| CVE ID | CVE-2024-3400 |
| Known Exploited | Yes |
| Exploit Prediction Score | 95.36% |
| Default Action | drop |
| Active | |
| Affected OS | Other |
| Affected App | Other |