CVE-2024-3400
CRITICAL CISA KEVCVSS v3
10
CRITICAL
EPSS Score
—
exploit probability
CISA KEV
Yes
known exploited
Exploitation
—
SSVC status
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
CISA Known Exploited Vulnerability
- Date Added
- 4/12/2024
- Patch Due Date
- 4/19/2024
- Ransomware Use
- Known
- Required Action
- Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 4/12/2024
- Last Modified
- 11/4/2025
Frequently Asked Questions
What is CVE-2024-3400?
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Is CVE-2024-3400 actively exploited?
Yes. CVE-2024-3400 is on the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been confirmed as actively exploited in the wild. CISA requires federal agencies to patch by 4/19/2024.
What is the CVSS score for CVE-2024-3400?
CVE-2024-3400 has a CVSS v3 base score of 10 (CRITICAL severity), with vector string 3.1.
Is CVE-2024-3400 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.