Threat Intelligence: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway

Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts: 

A vulnerability, which is an unauthenticated command OS injection, has been found in Palo Alto Network’s GlobalProtect Gateway. The vulnerability allows unauthenticated attackers to inject arbitrary OS commands via the GlobalProtect Gateway interface, potentially leading to remote code execution or unauthorised access to sensitive information. 

At the time of publishing, Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability.  

Read more about the CVE detail here: CVE-2024-3400 

The CVSS (Common Vulnerability Scoring System) Severity Score has been rated as: 10  

It affects Palo Alto versions PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 

Palo Alto is releasing patches for all versions, expected to be available from 14/04/2024. Palo Alto also states customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).  

In addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please visit the advice from Palo Alto for more information. 

If you need any further guidance on this, please contact DigitalXRAID’s Security Operations Centre analysts. We’re here to support you.  

If you discover that you’ve suffered a breach as a result of this or any other vulnerability, and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.