Palo Alto PAN-OS GlobalProtect Remote Code Execution

critical Web App Scanning Plugin ID 114282

Synopsis

Palo Alto PAN-OS GlobalProtect Remote Code Execution

Description

Palo Alto PAN-OS versions 11.1.x < 11.1.0-h3 / 11.1.1-h1 / 11.1.2-h3, 11.0.x < 11.0.0-h3 / 11.0.1-h4 / 11.0.2-h4 / 11.0.3-h10 / 11.0.4-h1, 10.2.x < 10.2.0-h3 / 10.2.1-h2 / 10.2.2-h5 / 10.2.3-h13 / 10.2.4-h16 / 10.2.5-h6 / 10.2.6-h3 / 10.2.7-h8 / 10.2.8-h3 / 10.2.9-h1 suffer from an arbitrary file write vulnerability in the GlobalProtect feature, enabling a remote and unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Note that this plugin requires the 'File Upload' assessment option enabled in the scan configuration.

Solution

For versions 11.1.x, upgrade to version 11.1.0-h3, 11.1.1-h1, 11.1.2-h3 or later. For versions 11.0.x, upgrade to version 11.0.0-h3, 11.0.1-h4, 11.0.2-h4, 11.0.3-h10, 11.0.4-h1 or later. For versions 10.2.x, upgrade to version 10.2.0-h3, 10.2.1-h2, 10.2.2-h5, 10.2.3-h13, 10.2.4-h16, 10.2.5-h6, 10.2.6-h3, 10.2.7-h8, 10.2.8-h3, 10.2.9-h1 or later.
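
The fixed-version list above can be applied to an asset inventory with a short script. This is an added example, not the plugin's own code: it only compares version strings against the hotfix levels listed above and does not check whether GlobalProtect is in use. The hostnames and inventory are constructed sample data, and the function names are illustrative.

```python
import re

# Fixed hotfix level per maintenance release, transcribed from the Solution text.
# Key: (major, minor) train; value: {maintenance release: first fixed hotfix}.
FIXED = {
    (11, 1): {0: 3, 1: 1, 2: 3},
    (11, 0): {0: 3, 1: 4, 2: 4, 3: 10, 4: 1},
    (10, 2): {0: 3, 1: 2, 2: 5, 3: 13, 4: 16, 5: 6, 6: 3, 7: 8, 8: 3, 9: 1},
}

# Strict match: anything that is not X.Y.Z or X.Y.Z-hN is rejected, not guessed at.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_affected(text):
    """True if below the fixed hotfix for its maintenance release, False if at
    or above it, None for release trains the description does not cover (so
    'not listed' is never silently reported as 'fixed')."""
    major, minor, maint, hotfix = parse_version(text)
    train = FIXED.get((major, minor))
    if train is None:
        return None
    if maint > max(train):
        return False  # later maintenance release than any listed fix
    return hotfix < train[maint]  # numeric compare, so h9 < h10


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "fw-edge-01": "10.2.9",
    "fw-edge-02": "10.2.9-h1",
    "fw-dc-01": "11.0.3-h9",
    "fw-dc-02": "11.1.3",
    "fw-lab-01": "10.1.14",
}


def triage(inventory):
    """Map each host to True (affected), False (fixed) or None (train not listed)."""
    return {host: is_affected(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(host, SAMPLE_INVENTORY[host], result)
```

Hosts that return `None` run a release train the description does not list and need a separate check against the vendor advisory.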

See Also

https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

https://security.paloaltonetworks.com/CVE-2024-3400

Plugin Details

Severity: Critical

ID: 114282

Type: remote

Published: 5/21/2024

Updated: 5/21/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-3400

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS Score Source: CVE-2024-3400

CVSS v4

Risk Factor: Critical

Base Score: 10

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2024-3400

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2024

Vulnerability Publication Date: 4/12/2024

CISA Known Exploited Vulnerability Due Dates: 4/19/2024

Reference Information

CVE: CVE-2024-3400