cve.2024-3400 | Detection.FYI

Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection

Aug 12, 2024 · attack.initial-access attack.persistence attack.privilege-escalation attack.defense-evasion cve.2024-3400 ·
Share on:

Detects potential exploitation attempts of CVE-2024-3400 - an OS command injection in Palo Alto GlobalProtect. This detection looks for suspicious strings that indicate a potential directory traversal attempt or command injection.

Read More
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - File Creation

Aug 12, 2024 · attack.execution cve.2024-3400 detection.emerging-threats ·
Share on:

Detects suspicious file creations in the Palo Alto Networks PAN-OS' parent telemetry folder, which are processed by the vulnerable 'dt_curl' script if device telemetry is enabled. As said script overrides the shell-subprocess restriction, arbitrary command execution may occur by carefully crafting filenames that are escaped through this function.

Read More