### [CVE-2024-3400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3400)
![](https://img.shields.io/static/v1?label=Product&message=Cloud%20NGFW&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=PAN-OS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Prisma%20Access&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)

### Description

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

### POC

#### Reference
- https://security.paloaltonetworks.com/CVE-2024-3400
- https://unit42.paloaltonetworks.com/cve-2024-3400/

#### Github
- https://github.com/0x0d3ad/CVE-2024-3400
- https://github.com/0xMarcio/cve
- https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection
- https://github.com/20142995/nuclei-templates
- https://github.com/AdaniKamal/CVE-2024-3400
- https://github.com/CONDITIONBLACK/CVE-2024-3400-POC
- https://github.com/CerTusHack/CVE-2024-3400-PoC
- https://github.com/Chocapikk/CVE-2024-3400
- https://github.com/DrewskyDev/CVE-2024-3400
- https://github.com/FoxyProxys/CVE-2024-3400
- https://github.com/GhostTroops/TOP
- https://github.com/H4lo/awesome-IoT-security-article
- https://github.com/HackingLZ/panrapidcheck
- https://github.com/Kr0ff/cve-2024-3400
- https://github.com/LoanVitor/CVE-2024-3400-
- https://github.com/MrR0b0t19/CVE-2024-3400
- https://github.com/MurrayR0123/CVE-2024-3400-Compromise-Checker
- https://github.com/Ostorlab/KEV
- https://github.com/Ravaan21/CVE-2024-3400
- https://github.com/T43cr0wl3r/Gorilla_Sessions
- https://github.com/Tig3rHu/Awesome_IOT_Vul_lib
- https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan
- https://github.com/Yuvvi01/CVE-2024-3400
- https://github.com/ZephrFish/CVE-2024-3400-Canary
- https://github.com/ak1t4/CVE-2024-3400
- https://github.com/andrelia-hacks/CVE-2024-3400
- https://github.com/aneasystone/github-trending
- https://github.com/codeblueprint/CVE-2024-3400
- https://github.com/enomothem/PenTestNote
- https://github.com/fatguru/dorks
- https://github.com/fireinrain/github-trending
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/h4x0r-dz/CVE-2024-3400
- https://github.com/hahasagined/CVE-2024-3400
- https://github.com/ihebski/CVE-2024-3400
- https://github.com/index2014/CVE-2024-3400-Checker
- https://github.com/iwallarm/cve-2024-3400
- https://github.com/jcaballero/cve-scanner
- https://github.com/k4nfr3/nmap-scripts
- https://github.com/kerberoshacker/CVE-2024-3400-POC
- https://github.com/kerberoshacker2/CVE-2024-3400-POC
- https://github.com/lirantal/cve-cvss-calculator
- https://github.com/marconesler/CVE-2024-3400
- https://github.com/momika233/CVE-2024-3400
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nitish778191/fitness_app
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/phantomradar/cve-2024-3400-poc
- https://github.com/pwnj0hn/CVE-2024-3400
- https://github.com/retkoussa/CVE-2024-3400
- https://github.com/schooldropout1337/CVE-2024-3400
- https://github.com/schooldropout1337/gorilla
- https://github.com/stronglier/CVE-2024-3400
- https://github.com/swaybs/CVE-2024-3400
- https://github.com/sxyrxyy/CVE-2024-3400-Check
- https://github.com/tanjiti/sec_profile
- https://github.com/terminalJunki3/CVE-2024-3400-Checker
- https://github.com/tfrederick74656/cve-2024-3400-poc
- https://github.com/tk-sawada/IPLineFinder
- https://github.com/toxyl/lscve
- https://github.com/vulsio/go-cve-dictionary
- https://github.com/wjlin0/poc-doc
- https://github.com/wy876/POC
- https://github.com/wy876/wiki
- https://github.com/zam89/CVE-2024-3400-pot