Are you affected by CVE-2024-3400?

Are you affected
by CVE-2024-3400?

IP Fabric's Automated Network Assurance Platform is built to ensure your network remains up, stable, and secure, and that includes providing proactive notification of issues before they arise.  

Our comprehensive model of your network gives you a holistic understanding of your cybersecurity attack surface, and the risks associated with it. This includes being able to identify known vulnerabilities in your network infrastructure, notified through NIST's multi-vendor CVE - Common Vulnerability and Exposures Program. 

What is CVE-2024-3400?

This command injection vulnerability, announced on 12th April 2024, specifically targets the GlobalProtect features of Palo Alto Networks firewalls. The vulnerability allows an unauthenticated attacker to execute arbitrary code on the appliance with root privilege. As such, it is classed as a Critical Vulnerability and needs to be resolved immediately. But how do you know if your security infrastructure is vulnerable to an exploit?  

How can you fix it? 

1. The workaround is to disable GlobalProtect features on your firewall

2. but the long-term fix is to upgrade your appliance to a fixed release of PAN-OS (details can be found on Palo Alto Networks' website). 

IP Fabric easily identifies
which devices are at risk

Our Solution Architects have built a tool called PyNetCheck that allows our customers to quickly identify which Palo Alto appliances in their network are running the impacted versions of the PAN-OS and have Global Protect configured. It allows IP Fabric customers to programmatically define automated checks of inventory, configurations, interconnections within the network. The checks can also embed external data. 

The publicly released PyNetCheck project contains sample tests and checks including those for specific critical CVEs, and because we have the data in the IP Fabric platform relating to configuration and code versions, we have updated PyNetCheck to specifically report on the presence of conditions for CVE-2024-3400 in your Palo Alto Networks security appliances. 
Do you have questions?
Can’t find the answer you’re looking for? Please chat with our experts or send us an email.
We're Hiring!
Join the Team and be part of the Future of Network Automation
Available Positions
98 North Washington Street
Suite 407
Boston, MA 02114
United States
This is a block of text. Double-click this text to edit it.
Phone : +1 617-821-3639
IP Fabric s.r.o.
Kateřinská 466/40
Praha 2 - Nové Město, 120 00
Czech Republic
This is a block of text. Double-click this text to edit it.
Phone : +420 720 022 997
IP Fabric UK Limited
Gateley Legal, 1 Paternoster Square, London,
England EC4M 7DX
This is a block of text. Double-click this text to edit it.
Phone : +420 720 022 997
IP Fabric, Inc. © 2024 All Rights Reserved