Critical Command Injection Vulnerability Found in Palo Alto Networks GlobalProtect

16 April 2024 [NO.TCSA : 20240416-1-1-P]

PUBLISHED:
16 April 2024

Critical Command Injection in Palo Alto Networks GlobalProtect

A critical vulnerability has been identified in Palo Alto Networks PAN-OS, specifically affecting the GlobalProtect gateways and portals. Designated as CVE-2024-3400, this command injection flaw enables unauthenticated attackers to execute arbitrary code with root privileges. The vulnerability, holding a CVSS severity score of 10.0, is actively being exploited, as confirmed by Palo Alto Networks.

Affected Versions

The vulnerability impacts the following versions of PAN-OS, configured with either GlobalProtect gateway or portal (or both), and device telemetry enabled:

  • PAN-OS 10.2
  • PAN-OS 11.0
  • PAN-OS 11.1

Mitigation

  • PAN-OS 10.2: Update to 10.2.9-h1
  • PAN-OS 11.0: Update to 11.0.4-h1
  • PAN-OS 11.1: Update to 11.1.2-h3

TechCERT strongly encourages the application of these updates immediately.

More Information

Critical Linux Kernel Vulnerability Allows Unprivileged Local Users to Gain Root Privileges (CVE-2026-31431)

READ MORE READ MORE

Critical Microsoft SharePoint Flaw Exploitations in the Wild

READ MORE READ MORE
15 January 2025 [NO.TCSA : 20250115-1-1-E]

Auth Bypass Vulnerability Exploited in Wild to Hijack Fortinet Firewalls

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN