Are you affected
by CVE-2024-3400?

This command injection vulnerability, announced on 12th April 2024, specifically targets the GlobalProtect features of Palo Alto Networks firewalls. The vulnerability allows an unauthenticated attacker to execute arbitrary code on the appliance with root privilege. As such, it is classed as a Critical Vulnerability and needs to be resolved immediately. But how do you know if your security infrastructure is vulnerable to an exploit?  

Our Solution Architects have built a tool called PyNetCheck that allows our customers to quickly identify which Palo Alto appliances in their network are running the impacted versions of the PAN-OS and have Global Protect configured. It allows IP Fabric customers to programmatically define automated checks of inventory, configurations, interconnections within the network. The checks can also embed external data. 

The publicly released PyNetCheck project contains sample tests and checks including those for specific critical CVEs, and because we have the data in the IP Fabric platform relating to configuration and code versions, we have updated PyNetCheck to specifically report on the presence of conditions for CVE-2024-3400 in your Palo Alto Networks security appliances.