Description

Arbitrary File Creation vulnerability was identified in the GlobalProtect VPN feature of PAN-OS by Palo Alto Networks. This vulnerability affects specific versions under certain configurations and allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected system.

Remediation

Upgrade to the latest version of PAN-OS

References

CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

Watchtowr Labs Analysis

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2021-31808)

Liferay Portal Observable Discrepancy Vulnerability (CVE-2024-25146)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-15605)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-7137)

Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-16865)

Severity

Critical

Classification

CVE-2024-3400 CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution Known Vulnerabilities