CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 19, 2024

CVE-2024-3400

High

EPSS 94.3%CISA KEVRansomware

Description

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

EPSS — Exploit Probability

94.3%

Higher than 99.9% of all CVEs

Required Action

https://security.paloaltonetworks.com/CVE-2024-3400 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3400

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 94.3%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Apr 12, 2024

Added to KEV

Apr 12, 2024

Remediation Due

Apr 19, 2024

Affected Product

Palo Alto Networks

PAN-OS

View all Palo Alto Networks CVEs

External Links

NVD (NIST)CVE Details MITRE CVE