The vulnerability tracked as CVE-2024-3400 allows an unauthenticated attacker to inject commands executed as root on a Palo Alto firewall through the GlobalProtect VPN.
The following Pan-OS version are impacted
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 11.1 | < 11.1.0-h3 < 11.1.1-h1 < 11.1.2-h3 | >= 11.1.0-h3 >= 11.1.1-h1 >= 11.1.2-h3 |
| PAN-OS 11.0 | < 11.0.2-h4 < 11.0.3-h10 < 11.0.4-h1 | >= 11.0.2-h4 >= 11.0.3-h10 >= 11.0.4-h1 |
| PAN-OS 10.2 | < 10.2.5-h6 < 10.2.6-h3 < 10.2.7-h8 < 10.2.8-h3 < 10.2.9-h1 | >= 10.2.5-h6 >= 10.2.6-h3 >= 10.2.7-h8 >= 10.2.8-h3 >= 10.2.9-h1 |
Stormhield Network Security (SNS) appliance protects you from that attack, thanks to dedicated IPS signatures. To work efficiently, the SSL proxy must be enabled.
| ID | Name |
| http:client:header:195 | Local file inclusion attempt in HTTP header. |