Description

Arbitrary File Creation vulnerability was identified in the GlobalProtect VPN feature of PAN-OS by Palo Alto Networks. This vulnerability affects specific versions under certain configurations and allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected system.

Remediation

Upgrade to the latest version of PAN-OS

References

CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

Watchtowr Labs Analysis

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3387)

MediaWiki Improper Access Control Vulnerability (CVE-2015-8001)

WebLogic CVE-2023-21979 Vulnerability (CVE-2023-21979)

MySQL CVE-2018-3081 Vulnerability (CVE-2018-3081)

Java Unspesificed Vulnerability (CVE-2020-14798)

Severity

Critical

Classification

CVE-2024-3400 CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution Known Vulnerabilities