CVE-2024-3400

CRITICAL
Improper Input Validation (CWE-20)
2024-04-12 psirt@paloaltonetworks.com
CVSS 3.1 base score: 10.0
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

Analysis Generated: Mar 26, 2026 - 11:20 (vuln.today)
Added to CISA KEV: Nov 04, 2025 - 16:49 (cisa), CISA KEV
PoC Detected: Nov 04, 2025 - 16:49 (vuln.today), public exploit code
CVE Published: Apr 12, 2024 - 08:15 (nvd), CRITICAL 10.0

Description (NVD)

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Analysis (AI)

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection via arbitrary file creation (CVSS 10.0) allowing unauthenticated root-level RCE, triggering an emergency patching directive from CISA in April 2024.

Technical Context (AI)

The CWE-20 vulnerability allows unauthenticated attackers to create arbitrary files on the firewall through the GlobalProtect portal/gateway. The file creation capability is leveraged for command injection, achieving root-level code execution on the PAN-OS device.

Affected Products (AI)

Palo Alto Networks PAN-OS with GlobalProtect enabled (specific versions)

Remediation (AI)

Apply PAN-OS hotfixes immediately. Disable GlobalProtect portal/gateway if not critical. Check for IoCs including suspicious cron jobs and modified configurations. Rotate all credentials accessible from the firewall.
