all InfoSec news
CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway
SpiderLabs Blog from Trustwave www.trustwave.com
Overview
A command injection vulnerability has been discovered in the GlobalProtect feature within Palo Alto Networks PAN-OS software for specific versions that have distinct feature configurations that may enable a remote, unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
alto arbitrary code attacker code command command injection cve cve-2024 cve-2024-3400 enable feature firewall gateway globalprotect injection may networks os command palo palo alto palo alto networks palo alto networks pan-os pan pan-os privileges root software unauthenticated vulnerability