Description

Arbitrary File Creation vulnerability was identified in the GlobalProtect VPN feature of PAN-OS by Palo Alto Networks. This vulnerability affects specific versions under certain configurations and allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected system.

Remediation

Upgrade to the latest version of PAN-OS

References

CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

Watchtowr Labs Analysis

Related Vulnerabilities

Jenkins Incorrect Authorization Vulnerability (CVE-2017-2599)

PrestaShop URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-5270)

Liferay Portal Missing Authorization Vulnerability (CVE-2023-3426)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2353)

Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13675)

Severity

Critical

Classification

CVE-2024-3400 CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution Known Vulnerabilities