The CVE-2024-3400 vulnerability is a critical flaw discovered in the GlobalProtect functionality of Palo Alto Networks’ PAN-OS operating system. It allows an unauthenticated attacker to remotely execute arbitrary commands with root privileges on the affected firewall. This vulnerability has been assigned a severity score of 10 on the CVSS scale, reflecting its high risk level.
Exploitation chains two distinct weaknesses in PAN-OS. The first is insufficient validation of the session ID format by the GlobalProtect service, which lets an attacker create an empty file with a name of their choosing. The second is excessive trust in those filenames, which are later used to construct system commands, opening the way for command injection.
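The two weaknesses described above are both failures of input handling, so the defensive counterpart is worth seeing in code. The following is an added illustration written for this page, not PAN-OS code and not ONYPHE's detection logic. It assumes a session identifier format of 32 lowercase hexadecimal characters and a constructed session directory; both are assumptions for the example, not the real GlobalProtect format or path. It shows strict allowlist validation of the identifier before it touches the filesystem, a second check that the resolved path stays inside the intended directory, and construction of any later system command as an argv list rather than a shell string built from the filename.

```python
import re
from pathlib import Path
from typing import List, Optional

# Allowlist for a session identifier: exactly 32 lowercase hex characters.
# The length and alphabet are assumptions for this example, not PAN-OS's real format.
SESSION_ID_RE = re.compile(r"\A[0-9a-f]{32}\Z")

# Constructed location for session files; not a PAN-OS path.
SESSION_DIR = Path("/tmp/example-sessions")


def validate_session_id(session_id: str) -> bool:
    """Return True only if the identifier matches the strict allowlist.

    Anything else (path separators, '..', whitespace, wrong length, empty
    string) is rejected before it can influence a filename.
    """
    return bool(SESSION_ID_RE.match(session_id))


def session_file_path(session_id: str) -> Optional[Path]:
    """Map a session id to its file, or return None if it must be rejected.

    Even after allowlist validation, the resolved path is checked to remain
    directly inside SESSION_DIR, so a future loosening of the regex cannot
    silently reintroduce traversal.
    """
    if not validate_session_id(session_id):
        return None
    base = SESSION_DIR.resolve()
    path = (base / session_id).resolve()
    if path.parent != base:
        return None
    return path


def build_cleanup_argv(path: Path) -> List[str]:
    """Build the command that removes a session file as an argv list.

    The filename is passed as a single argument and is never interpolated
    into a shell command string, so shell metacharacters in it have no
    effect. This is the hardened form of the second weakness above.
    """
    return ["rm", "-f", str(path)]


if __name__ == "__main__":
    # Constructed sample identifiers for a quick demonstration.
    for candidate in ["0123456789abcdef0123456789abcdef", "not-a-session-id", ""]:
        target = session_file_path(candidate)
        print(repr(candidate), "->", "rejected" if target is None else build_cleanup_argv(target))
```

The key design choice is that validation is an allowlist on a fixed format, not a denylist of dangerous characters, and that the command is assembled as a list for `subprocess.run` rather than as a string for a shell.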
Evidence of active exploitation of this vulnerability has been observed, with attackers installing custom backdoors, such as UPSTYLE, on targeted devices. These backdoors allow attackers to execute additional commands on the compromised firewall.
Palo Alto Networks has released patches for the affected PAN-OS versions, including 10.2, 11.0, and 11.1. Users of these versions should apply the provided security updates to mitigate the risks associated with this vulnerability.
Added ONYPHE detection
This detection was added on February 14, 2025 in our engine.