Unrated severityCISA KEVNVD Advisory· Published Apr 12, 2024· Updated Oct 21, 2025
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
CVE-2024-3400
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4(expand)+ 1 more
- (no CPE)
- (no CPE)range: 10.2.0
- Range: All
- Range: All
Patches
Vulnerability mechanics
References
4- security.paloaltonetworks.com/CVE-2024-3400mitrevendor-advisory
- unit42.paloaltonetworks.com/cve-2024-3400/mitretechnical-description
- www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/mitretechnical-description
- www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/mitretechnical-description
News mentions
4- The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 FrameworksCyber Security News · Jun 3, 2026
- Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersectTenable Blog · May 27, 2026
- Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain CompromiseTrend Micro Research · Mar 26, 2026
- Ransomware Tactics, Techniques, and Procedures in a Shifting Threat LandscapeMandiant Threat Intelligence · Mar 16, 2026