Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Palo Alto Networks PAN-OS devices with the GlobalProtect VPN feature include vulnerabilities that have been exploited by threat actors. Exploit code is publicly available, which makes the process of exploiting chained vulnerabilities easier for the attacker. An unauthenticated attacker can run arbitrary code with root privileges to gain control of a PAN-OS device and launch additional attacks on the network.
Kill Chain
Risk Score
87
The GlobalProtect VPN feature of Palo Alto Networks PAN-OS has a command injection vulnerability (CVE-2024-3400) that leads to remote code execution (RCE). An unauthenticated attacker sends a specially designed HTTP request that contains a malicious shell command instead of a valid SESSID cookie to the GlobalProtect web server. As a result, the GlobalProtect web server creates an empty file on the system with a malicious command as the filename. When device telemetry is enabled, a regularly scheduled system job runs the malicious command with root privileges, which enables the attacker to gain control of the device.
Upgrade to PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3 or later PAN-OS versions
