Back to Markets
VULNERABILITYRESOLVEDPAN-OSzero-dayCISA-KEVcommand-injectionPalo-Altoauto-generated

Will CISA add CVE-2024-3400 (Palo Alto PAN-OS command injection) to the KEV catalog?

RESOLVEDYESApr 12, 2024

CISA added CVE-2024-3400 to the KEV catalog on April 12, 2024 with a federal remediation deadline of April 19, 2024. Active exploitation confirmed by Palo Alto Unit 42 and Volexity before the patch was widely deployed.

Evidence: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
72%
YES
28%
NO
0 predictions
YES
NO
75%60%45%30%
30d25d20d15d10d5dnow

Market Overview

AI GENERATED

CVE-2024-3400 is a critical unauthenticated command injection vulnerability (CVSS 10.0) in Palo Alto Networks GlobalProtect Gateway. Threat actor UTA0218 was observed exploiting it as a zero-day to deploy a novel Python backdoor named UPSTYLE across government and technology targets.

Primary Source

Resolution Criteria

CISA adds CVE-2024-3400 to the Known Exploited Vulnerabilities catalog. Confirmable at cisa.gov/known-exploited-vulnerabilities-catalog.

Market Info

ClosesMay 1, 2024
CreatedApr 13, 2024
CategoryVulnerability
Created by@ThreatOdds
Creator accuracy0%
ResolutionCommunity vote + moderator
StatusLIVE

MARKET STATS

Total Predictions0
ClosesMay 1, 2024
ResolutionCommunity + Moderator
CategoryVulnerability
Beta Feedback