CVE-2024-3400: Unauthenticated code injection in PAN-OS
CVE-2024-3400 affects Palo Alto Networks PAN-OS software used to manage the first layer of defense for many enterprises A critical command injection vulnerability has been recently published affecting Palo Alto Networks PAN-OS software, which would allow an unauthenticated attacker to execute arbitrary code with root privileges on the affected firewalls. The vulnerability, assigned CVE-2024-3400, has a CVSS score of 10.0. PAN-OS software is the operating system that runs on Palo Alto Networks next-generation firewalls and is responsible for managing the first layer of defense of many companies. The vulnerability only applies to PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions configured with GlobalProtect Gateway or GlobalProtect Portal and device telemetry enabled. This issue does not affect Cloud NGFWs, Panorama or ...