Security News > 2024 > April > Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability
2024-04-15 08:17

Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root


News URL

https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-04-12 CVE-2024-3400 Command Injection vulnerability in Paloaltonetworks Pan-Os
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-77
critical
 10.0
10