CVE-2024-3400: Palo Alto Networks PAN-OS Command Injection Vulnerability.

Palo Alto Networks PAN-OS Command Injection Vulnerability. Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.

• CISA KEV-listed (remediation due 2024-04-19)
• used in ransomware campaigns
• EPSS 94.3% (99.9% percentile)

Detection rules

• Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - File Creation medium
• Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection high
• Python Path Configuration File Creation - Linux medium
• Python Path Configuration File Creation - MacOS medium
• Python Path Configuration File Creation - Windows medium

Related briefings

• RansomHub (Knight/Cyclops Rebranded): CVE-2024-3400 and ZeroLogon in Sub-14-Hour Attack, PCHunter EDR Termination, FileZilla Exfiltration, and Multi-Platform Ransomware Variants 2026-02-16

Browse the CVE database

Read the full analysis on IntelFusions