Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

Last Revised

Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild. 

CISA encourages users and administrators to review the Palo Alto Networks Security Advisory, apply the current mitigations, and update the affected software when Palo Alto Networks makes the fixes available. 

CISA has also added this vulnerability to its Known Exploited Vulnerabilities Catalog.

Additional resources:

This product is provided subject to this Notification and this Privacy & Use policy.