VDB
CNVD-2024-20432
CNVD-2024-20432
PUBLISHED
CVSS 10 CRITICAL
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一款下一代防火墙软件。 Palo Alto Networks PAN-OS存在命令注入漏洞,该漏洞源于GlobalProtect 功能中存在命令注入漏洞,未经身份验证的攻击者可利用该漏洞在防火墙上以 root权限执行任意代码。
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | PAN-OS | 11.1.0, 9.1.0, 10.0.0 |
| Palo Alto Networks | Prisma Access | All |
| paloaltonetworks | pan-os | 11.0.0, 11.1.0, 10.2.0 |
| Palo Alto Networks | Cloud NGFW | All |
Timeline
- Apr 11, 2024 CVE Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
- Apr 12, 2024 PoC Published
References
- https://security.paloaltonetworks.com/CVE-2024-3400 vendor-advisory
- https://unit42.paloaltonetworks.com/cve-2024-3400/ url
- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ url
- https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/ url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3400 url