https://community.appian.com/support/w/kb/3527/kb-2301-information-about-the-pan-os-global-protect-command-injection-vulnerability-cve-2024-3400en-USTelligent Community 12https://community.appian.com/support/w/kb/3527/kb-2301-information-about-the-pan-os-global-protect-command-injection-vulnerability-cve-2024-3400Mon, 15 Apr 2024 18:24:00 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:47063719-c392-4640-9daa-f79a327a15fapauline.delacruzhttps://community.appian.com/support/w/kb/3527/kb-2301-information-about-the-pan-os-global-protect-command-injection-vulnerability-cve-2024-3400#commentsCurrent Revision posted to Appian Knowledge Base by pauline.delacruz on 4/15/2024 6:24:00 PM<br /> <p><span style="font-weight:400;">On 12-Apr-2024, Palo Alto Networks released a </span><a href="https://security.paloaltonetworks.com/CVE-2024-3400"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> regarding a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. The same day, CISA released a concurrent </span><a href="https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> and added the vulnerability to its Known Exploited Vulnerability Catalog.</span></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by this vulnerability. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <ul> <li style="font-weight:400;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-3400"><span style="font-weight:400;">CVE-2024-3400</span></a> <span style="font-weight:400;">(&ldquo;Palo Alto Networks PAN-OS Command Injection Vulnerability&rdquo;)</span></li> </ul> <h2><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li style="font-weight:400;"><a href="https://security.paloaltonetworks.com/CVE-2024-3400"><span style="font-weight:400;">https://security.paloaltonetworks.com/CVE-2024-3400</span></a><span style="font-weight:400;">&nbsp;</span></li> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400</span></a><span style="font-weight:400;"><br /></span></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p><span style="font-weight:400;">Last reviewed:&nbsp;</span><span style="font-weight:400;">April 15, 2024</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> https://community.appian.com/support/w/kb/3527/kb-2301-information-about-the-pan-os-global-protect-command-injection-vulnerability-cve-2024-3400/revision/2Mon, 15 Apr 2024 18:23:50 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:47063719-c392-4640-9daa-f79a327a15fapauline.delacruzhttps://community.appian.com/support/w/kb/3527/kb-2301-information-about-the-pan-os-global-protect-command-injection-vulnerability-cve-2024-3400#commentsRevision 2 posted to Appian Knowledge Base by pauline.delacruz on 4/15/2024 6:23:50 PM<br /> <p><span style="font-weight:400;">On 12-Apr-2024, Palo Alto Networks released a </span><a href="https://security.paloaltonetworks.com/CVE-2024-3400"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> regarding a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. The same day, CISA released a concurrent </span><a href="https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> and added the vulnerability to its Known Exploited Vulnerability Catalog.</span></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by this vulnerability. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <ul> <li style="font-weight:400;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-3400"><span style="font-weight:400;">CVE-2024-3400</span></a> <span style="font-weight:400;">(&ldquo;Palo Alto Networks PAN-OS Command Injection Vulnerability&rdquo;)</span></li> </ul> <h2><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li style="font-weight:400;"><a href="https://security.paloaltonetworks.com/CVE-2024-3400"><span style="font-weight:400;">https://security.paloaltonetworks.com/CVE-2024-3400</span></a><span style="font-weight:400;">&nbsp;</span></li> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400</span></a><span style="font-weight:400;"><br /></span></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p><br /><span style="font-weight:400;">Last reviewed:&nbsp;</span><span style="font-weight:400;">April 15, 2024</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> https://community.appian.com/support/w/kb/3527/kb-2301-information-about-the-pan-os-global-protect-command-injection-vulnerability-cve-2024-3400/revision/1Mon, 15 Apr 2024 18:21:50 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:47063719-c392-4640-9daa-f79a327a15fapauline.delacruzhttps://community.appian.com/support/w/kb/3527/kb-2301-information-about-the-pan-os-global-protect-command-injection-vulnerability-cve-2024-3400#commentsRevision 1 posted to Appian Knowledge Base by pauline.delacruz on 4/15/2024 6:21:50 PM<br /> <p><span style="font-weight:400;">On 12-Apr-2024, Palo Alto Networks released a </span><a href="https://security.paloaltonetworks.com/CVE-2024-3400"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> regarding a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software. The same day, CISA released a concurrent </span><a href="https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> and added the vulnerability to its Known Exploited Vulnerability Catalog.</span></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVE, we can confirm that the Appian platform is not impacted by this vulnerability. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <ul> <li style="font-weight:400;"><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-3400"><span style="font-weight:400;">CVE-2024-3400</span></a> <span style="font-weight:400;">(&ldquo;Palo Alto Networks PAN-OS Command Injection Vulnerability&rdquo;)</span></li> </ul> <p><span style="font-weight:400;">Supporting Documentation:</span></p> <ul> <li style="font-weight:400;"><a href="https://security.paloaltonetworks.com/CVE-2024-3400"><span style="font-weight:400;">https://security.paloaltonetworks.com/CVE-2024-3400</span></a><span style="font-weight:400;">&nbsp;</span></li> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400</span></a><span style="font-weight:400;"><br /></span></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span><br /><span style="font-weight:400;">Last reviewed:&nbsp;</span><span style="font-weight:400;">Apr 15, 2024</span></p><div style="clear:both;"></div>