cvelistv5 - CVE-2024-3400

Impacted product(s).
Vendor	Product
Palo Alto Networks	PAN-OS
Palo Alto Networks	Cloud NGFW
Palo Alto Networks	Prisma Access

icsa-24-116-03

Vulnerability from csaf_cisa

Published

2024-04-19 00:00

Modified

2024-04-19 00:00

Summary

Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW

Notes

Summary

Palo Alto Networks has published [1] information on CVE-2024-3400 in PAN-OS. This advisory addresses Siemens Industrial products affected by this vulnerability. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications. [1] https://security.paloaltonetworks.com/CVE-2024-3400

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Advisory Conversion Disclaimer

This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.

Critical infrastructure sectors

Multiple

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting this vulnerability to CISA."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Palo Alto Networks has published [1] information on CVE-2024-3400 in PAN-OS. This advisory addresses Siemens Industrial products affected by this vulnerability.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] https://security.paloaltonetworks.com/CVE-2024-3400",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "other",
        "text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Multiple",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-750274.json"
      },
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-750274.html"
      },
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750274.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-750274.txt"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-116-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-116-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-116-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-116-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW",
    "tracking": {
      "current_release_date": "2024-04-19T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSA-24-116-03",
      "initial_release_date": "2024-04-19T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-04-19T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3400",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\r\n\r\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable GlobalProtect gateway and GlobalProtect portal; note that these features are disabled by default in RUGGEDCOM APE1808 deployments",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). For further instruction see Palo Alto Network\u0027s upstream notification (https://security.paloaltonetworks.com/CVE-2024-3400)",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-3400"
    }
  ]
}

ghsa-v475-xhc9-wfxg

Vulnerability from github

Published

2024-04-12 09:33

Modified

2024-04-20 00:31

Details

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-3400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T08:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nFixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.",
  "id": "GHSA-v475-xhc9-wfxg",
  "modified": "2024-04-20T00:31:52Z",
  "published": "2024-04-12T09:33:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3400"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-3400"
    },
    {
      "type": "WEB",
      "url": "https://unit42.paloaltonetworks.com/cve-2024-3400"
    },
    {
      "type": "WEB",
      "url": "https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve"
    },
    {
      "type": "WEB",
      "url": "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ssa-750274

Vulnerability from csaf_siemens

Published

2024-04-19 00:00

Modified

2024-04-19 00:00

Summary

SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW

Notes

Summary

Palo Alto Networks has published [1] information on CVE-2024-3400 in PAN-OS. This advisory addresses Siemens Industrial products affected by this vulnerability. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications. [1] https://security.paloaltonetworks.com/CVE-2024-3400

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Palo Alto Networks has published [1] information on CVE-2024-3400 in PAN-OS. This advisory addresses Siemens Industrial products affected by this vulnerability.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] https://security.paloaltonetworks.com/CVE-2024-3400",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-750274.html"
      },
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-750274.json"
      },
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750274.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-750274.txt"
      }
    ],
    "title": "SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW",
    "tracking": {
      "current_release_date": "2024-04-19T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-750274",
      "initial_release_date": "2024-04-19T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-04-19T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions with Palo Alto Networks Virtual NGFW configured with GlobalProtect gateway or GlobalProtect portal (or both).",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3400",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\r\n\r\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable GlobalProtect gateway and GlobalProtect portal; note that these features are disabled by default in RUGGEDCOM APE1808 deployments",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). For further instruction see Palo Alto Network\u0027s upstream notification (https://security.paloaltonetworks.com/CVE-2024-3400)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Contact customer support to receive patch and update information.",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-3400"
    }
  ]
}

wid-sec-w-2024-0878

Vulnerability from csaf_certbund

Published

2024-04-11 22:00

Modified

2024-04-11 22:00

Summary

PaloAlto Networks PAN-OS: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PaloAlto Networks PAN-OS ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PaloAlto Networks PAN-OS ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0878 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0878.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0878 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0878"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisories vom 2024-04-11",
        "url": "https://security.paloaltonetworks.com/CVE-2024-3400"
      }
    ],
    "source_lang": "en-US",
    "title": "PaloAlto Networks PAN-OS: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit Administratorrechten",
    "tracking": {
      "current_release_date": "2024-04-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-04-17T09:53:14.305+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0878",
      "initial_release_date": "2024-04-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c11.1.2-h3",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.1.2-h3",
                  "product_id": "T034104",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.1.2-h3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.4-h1",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c11.0.4-h1",
                  "product_id": "T034105",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.4-h1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.9-h1",
                "product": {
                  "name": "PaloAlto Networks PAN-OS \u003c10.2.9-h1",
                  "product_id": "T034106",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.9-h1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PAN-OS"
          }
        ],
        "category": "vendor",
        "name": "PaloAlto Networks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3400",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS. Dieser Fehler besteht in der GlobalProtect-Funktion aufgrund einer Anf\u00e4lligkeit f\u00fcr eine Command Injection. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code mit Root-Rechten auf der Firewall auszuf\u00fchren."
        }
      ],
      "release_date": "2024-04-11T22:00:00Z",
      "title": "CVE-2024-3400"
    }
  ]
}

gsd-2024-3400

Vulnerability from gsd

Modified

2024-04-11 05:03

Details

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.

Aliases

CVE-2024-3400

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-3400"
      ],
      "details": "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nFixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.",
      "id": "GSD-2024-3400",
      "modified": "2024-04-11T05:03:27.203461Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "ID": "CVE-2024-3400",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PAN-OS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "status": "unaffected",
                                "version": "9.0.0"
                              },
                              {
                                "status": "unaffected",
                                "version": "9.1.0"
                              },
                              {
                                "status": "unaffected",
                                "version": "10.0.0"
                              },
                              {
                                "status": "unaffected",
                                "version": "10.1.0"
                              },
                              {
                                "changes": [
                                  {
                                    "at": "10.2.9-h1",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThan": "10.2.9-h1",
                                "status": "affected",
                                "version": "10.2.0",
                                "versionType": "custom"
                              },
                              {
                                "changes": [
                                  {
                                    "at": "11.0.4-h1",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThan": "11.0.4-h1",
                                "status": "affected",
                                "version": "11.0.0",
                                "versionType": "custom"
                              },
                              {
                                "changes": [
                                  {
                                    "at": "11.1.2-h3",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThan": "11.1.2-h3",
                                "status": "affected",
                                "version": "11.1.0",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cloud NGFW",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "status": "unaffected",
                                "version": "All"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Prisma Access",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "status": "unaffected",
                                "version": "All"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "configuration": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.\u003cbr\u003e\u003cbr\u003eYou can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network \u0026gt; GlobalProtect \u0026gt; Gateways or Network \u0026gt; GlobalProtect \u0026gt; Portals)."
            }
          ],
          "value": "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.\n\nYou can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network \u003e GlobalProtect \u003e Gateways or Network \u003e GlobalProtect \u003e Portals)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Volexity for detecting and identifying this issue."
        },
        {
          "lang": "en",
          "value": "Capability Development Group at Bishop Fox for helping us verify the fixes and improve threat prevention signatures."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability."
          }
        ]
      },
      "exploit": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\u003cbr\u003e\u003cbr\u003eMore information about the vulnerability\u0027s exploitation in the wild can be found in the Unit 42 threat brief (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://unit42.paloaltonetworks.com/cve-2024-3400/\"\u003ehttps://unit42.paloaltonetworks.com/cve-2024-3400/\u003c/a\u003e) and the Palo Alto Networks PSIRT blog post (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/)\"\u003ehttps://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/)\u003c/a\u003e."
            }
          ],
          "value": "Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability. Proof of concepts for this vulnerability have been publicly disclosed by third parties.\n\nMore information about the vulnerability\u0027s exploitation in the wild can be found in the Unit 42 threat brief ( https://unit42.paloaltonetworks.com/cve-2024-3400/ ) and the Palo Alto Networks PSIRT blog post ( https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/) ."
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-77",
                "lang": "eng",
                "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2024-3400",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2024-3400"
          },
          {
            "name": "https://unit42.paloaltonetworks.com/cve-2024-3400/",
            "refsource": "MISC",
            "url": "https://unit42.paloaltonetworks.com/cve-2024-3400/"
          },
          {
            "name": "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/",
            "refsource": "MISC",
            "url": "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
          },
          {
            "name": "https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/",
            "refsource": "MISC",
            "url": "https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied.\u003cbr\u003e\u003cbr\u003eThis issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Customers who upgrade to these versions will be fully protected."
            }
          ],
          "value": "We strongly advise customers to immediately upgrade to a fixed version of PAN-OS to protect their devices even when workarounds and mitigations have been applied.\n\nThis issue is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Customers who upgrade to these versions will be fully protected."
        }
      ],
      "source": {
        "defect": [
          "PAN-252214"
        ],
        "discovery": "USER"
      },
      "work_around": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.\u003cbr\u003e\u003cbr\u003eTo apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\"\u003ehttps://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\u003c/a\u003e for more information."
            }
          ],
          "value": "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). Please monitor this advisory and new Threat Prevention content updates for additional Threat Prevention IDs around CVE-2024-3400.\n\nTo apply the Threat IDs, customers must ensure that vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see  https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184  for more information."
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2024-04-19",
        "cisaExploitAdd": "2024-04-12",
        "cisaRequiredAction": "Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.",
        "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Command Injection Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "F54B40AC-A555-4447-B147-576D17CAB12A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "BEC5E9D4-1B58-4C89-8B68-47F996C04234",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "DDDEB31F-EFDD-4A66-9687-7FFCF8EFDAAF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
                    "matchCriteriaId": "0F30A71D-281E-4BF8-803F-05B517399C6A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "5CB7F608-4F03-46EF-A27E-4C8F5363FF5E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
                    "matchCriteriaId": "33340036-0E81-41CD-AFC4-480F509F8DD2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "5D7986DC-187D-4798-8B4A-7D23DF0EE0C8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "9D1FAC78-7714-48EC-9FDB-1A565814B958",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
                    "matchCriteriaId": "4B86668F-7BC5-4F50-AE80-E99F6DE370D7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
                    "matchCriteriaId": "98F219AD-A22F-47AC-88FE-B3F75AE059AC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
                    "matchCriteriaId": "A79C13FD-C909-4FEE-AE24-A085E953D887",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
                    "matchCriteriaId": "A7FCFB45-1150-4F9C-8E4B-3DB2ADE89454",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "50F0801B-FC9F-4018-A837-CAB8CB9C9CD4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
                    "matchCriteriaId": "C8C4AC1F-4FF0-4500-AFBB-F29613358156",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
                    "matchCriteriaId": "6FE16CA7-422A-4A53-8DDC-CB3A982C154F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
                    "matchCriteriaId": "135588B5-6771-46A3-98B0-39B4873FD6FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
                    "matchCriteriaId": "6ADF2A5B-DC55-44B1-A033-4A29C32AB5B1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "20673F1E-733D-41C4-A644-C482431C26EC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
                    "matchCriteriaId": "156DA55E-4152-47BF-A067-136EEC9ADE22",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
                    "matchCriteriaId": "C2D2F5C4-7ACC-4514-ADBD-3948158B93CC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
                    "matchCriteriaId": "AEE36B5C-262E-42B0-B3C1-5EAA003E84B7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "619AD3DA-9384-4CC5-9F3D-66DB5A055BCB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
                    "matchCriteriaId": "1360C403-BCD8-420E-B907-4127E12B3A3A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
                    "matchCriteriaId": "B3AF86BD-C317-45C7-96B6-34BD82579FDB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "09F61A78-1B7C-41F1-A0D8-0AB1E7ADF68C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
                    "matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
                    "matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
                    "matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
                    "matchCriteriaId": "D814F3A3-5E9D-426D-A654-1346D9ECE9B3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "8BB72E15-486F-491F-A08D-E1AC2C8AB121",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "B5E7EFD5-2179-45BF-BF5B-197B66903D9C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "3EF4AE4F-36F3-4923-AE1E-DE9E036D4E2F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
                    "matchCriteriaId": "10A69DAE-5AD5-4E1C-9DF0-C7B7BB023B66",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "DFAA23E0-232D-42AA-A5A9-87063348D0DF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
                    "matchCriteriaId": "50EA3EAC-91BD-4B30-A885-BED95B48CC3F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
                    "matchCriteriaId": "C25AD9EA-7DDC-4704-9D7C-A1D6C1F5F696",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "2416C2EF-1085-493D-84D7-18F7577D4A01",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "5E1D99D8-300C-4985-835C-3EBA2BFC098B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
                    "matchCriteriaId": "8B689FAD-0469-4222-A7EF-3268CCDA43A7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*",
                    "matchCriteriaId": "D27A5944-FCD8-44AB-9986-0FCA24E81F5B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "B4425F47-446D-49C1-AAC9-5F5B7E5422A6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*",
                    "matchCriteriaId": "A0ED8E63-B8F0-482A-A8A9-13C21D60EEB9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*",
                    "matchCriteriaId": "9110DBFB-07D6-4D64-A8AA-C0E7A7037A87",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*",
                    "matchCriteriaId": "723956E9-11FD-42A0-8A35-C1FDE9E1877C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "82FBA0C5-1385-42DD-A85D-DA1D818D0EF3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "6FAC22EB-FB4C-4E9D-99A1-D4902262ED06",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
                    "matchCriteriaId": "B3D65F1C-B055-408E-B7F2-512F13BEDCA6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
                    "matchCriteriaId": "2DC41D6E-8632-44BB-BC05-7C22A02306A2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
                    "matchCriteriaId": "5F7627B3-A463-4570-BA23-663FEB7B4A8B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
                    "matchCriteriaId": "275872C1-1EBB-4447-8C9F-347F757BFF42",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability."
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n GlobalProtect del software PAN-OS de Palo Alto Networks para versiones espec\u00edficas de PAN-OS y configuraciones de funciones distintas puede permitir que un atacante no autenticado ejecute c\u00f3digo arbitrario con privilegios de root en el firewall. Cloud NGFW, dispositivos Panorama y Prisma Access no se ven afectados por esta vulnerabilidad."
          }
        ],
        "id": "CVE-2024-3400",
        "lastModified": "2024-04-23T19:57:25.207",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.0,
              "source": "psirt@paloaltonetworks.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-04-12T08:15:06.230",
        "references": [
          {
            "source": "psirt@paloaltonetworks.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-3400"
          },
          {
            "source": "psirt@paloaltonetworks.com",
            "tags": [
              "Exploit",
              "Vendor Advisory"
            ],
            "url": "https://unit42.paloaltonetworks.com/cve-2024-3400/"
          },
          {
            "source": "psirt@paloaltonetworks.com",
            "tags": [
              "Technical Description",
              "Vendor Advisory"
            ],
            "url": "https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/"
          },
          {
            "source": "psirt@paloaltonetworks.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
          }
        ],
        "sourceIdentifier": "psirt@paloaltonetworks.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-77"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              },
              {
                "lang": "en",
                "value": "CWE-77"
              }
            ],
            "source": "psirt@paloaltonetworks.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CVE-2024-3400

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

Action not permitted

CVE-2024-3400

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

icsa-24-116-03

Vulnerability from csaf_cisa

ghsa-v475-xhc9-wfxg

Vulnerability from github

ssa-750274

Vulnerability from csaf_siemens

wid-sec-w-2024-0878

Vulnerability from csaf_certbund

gsd-2024-3400

Vulnerability from gsd