SECURITY ALERTS

A Vulnerability (CVE-2024-3400) Exists in Palo Alto Networks PAN-OS Allowing for Arbitrary Code Execution

DESCRIPTION:
A command injection vulnerability (CVE-2024-3400) in the GlobalProtect feature of Palo Alto Networks PAN-OS software, for specific PAN-OS versions and distinct feature configurations, may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

 

AFFECTED RELEASES:
PAN-OS versions prior to 10.2.9-h1 (exclusive)
PAN-OS versions prior to 11.0.4-h1 (exclusive)
PAN-OS versions prior to 11.1.2-h3 (exclusive)

 

SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates:
PAN-OS 10.2 series: update to 10.2.9-h1 or later
PAN-OS 11.0 series: update to 11.0.4-h1 or later
PAN-OS 11.1 series: update to 11.1.2-h3 or later
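
A version check for a firewall inventory, as an added example that is not part of the original alert or of any Palo Alto Networks tooling. It applies only the three fixed releases listed above; the hostnames and inventory are constructed sample values, and the check does not look at whether GlobalProtect is configured.

```python
import re

# Fixed release per series, exactly as listed in this alert.
FIXED = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos(version):
    """Turn '10.2.9-h1' into (10, 2, 9, 1); no hotfix suffix means hotfix 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def needs_update(version):
    """True: below the fixed release for its series; False: at or above it;
    None: series not listed in this alert, so the alert gives no answer."""
    parsed = parse_panos(version)
    fixed = FIXED.get(parsed[:2])
    if fixed is None:
        return None
    return parsed < parse_panos(fixed)


def triage(inventory):
    """Map each hostname to (version, verdict) for a {hostname: version} inventory."""
    return {host: (ver, needs_update(ver)) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are sample values.
    sample = {
        "fw-edge-01": "10.2.9",
        "fw-edge-02": "10.2.9-h1",
        "fw-dc-01": "11.1.2-h1",
        "fw-lab-01": "11.0.5",
        "fw-old-01": "10.1.12",
    }
    for host, (ver, verdict) in triage(sample).items():
        label = {True: "UPDATE", False: "ok", None: "series not listed"}[verdict]
        print(f"{host:12} {ver:12} {label}")
```

A release without a hotfix suffix sorts below the same release with one, so 10.2.9 is flagged while 10.2.9-h1 is not.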

 

REFERENCE:
1. https://nvd.nist.gov/vuln/detail/CVE-2024-3400
2. https://security.paloaltonetworks.com/CVE-2024-3400
3. https://www.ithome.com.tw/news/162282
