Severity Level: Critical
Title:
CVE-2024-3400 PAN-OS
Timestamp:
Friday April12, 2024
Summary:
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Affected System (samples) :
PAN-OS versions 10.2
PAN-OS versions 11.0
PAN-OS versions 11.1
Recommendations:
updating the affected versions to the fixed or latest versions released by Palo Alto Networks.
For PAN-OS 10.2: :
- 10.2.9-h1 (Released 4/14/24)
- 10.2.8-h3 (ETA: 4/15/24)
- 10.2.7-h8 (ETA: 4/15/24)
- 10.2.6-h3 (ETA: 4/15/24)
- 10.2.5-h6 (ETA: 4/16/24) -
10.2.3-h13 (ETA: 4/17/24)
- 10.2.1-h2 (ETA: 4/17/24)
- 10.2.2-h5 (ETA: 4/18/24)
- 10.2.0-h3 (ETA: 4/18/24)
- 10.2.4-h16 (ETA: 4/19/24)
For PAN-OS 11.0 :
- 11.0.4-h1 (Released 4/14/24)
- 11.0.3-h10 (ETA: 4/15/24)
- 11.0.2-h4 (ETA: 4/16/24)
- 11.0.1-h4 (ETA: 4/17/24)
- 11.0.0-h3 (ETA: 4/18/24)
For PAN-OS 11.1:
- 11.1.2-h3 (Released 4/14/24)
- 11.1.1-h1 (ETA: 4/16/24)
- 11.1.0-h3 (ETA: 4/17/24)
References:
For references , Click here