Description

Arbitrary File Creation vulnerability was identified in the GlobalProtect VPN feature of PAN-OS by Palo Alto Networks. This vulnerability affects specific versions under certain configurations and allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected system.

Remediation

Upgrade to the latest version of PAN-OS

References

CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

Watchtowr Labs Analysis

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2853)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20042)

Oracle Database Server CVE-2014-6545 Vulnerability (CVE-2014-6545)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-2231)

MySQL CVE-2015-4792 Vulnerability (CVE-2015-4792)

Severity

Critical

Classification

CVE-2024-3400 CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution Known Vulnerabilities