Rule Library
Sigma Rules
2 rules found for "CVE-2024-3400"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | medium | test
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - File Creation
Detects suspicious file creations in the Palo Alto Networks PAN-OS' parent telemetry folder, which are processed by the vulnerable 'dt_curl' script if device telemetry is enabled. As said script overrides the shell-subprocess restriction, arbitrary command execution may occur by carefully crafting filenames that are escaped through this function.
paloalto | File Event | globalprotect
Andreas Braathen (mnemonic.io) | Thu Apr 25 2024
Emerging Threat | high | test
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection
Detects potential exploitation attempts of CVE-2024-3400 - an OS command injection in Palo Alto GlobalProtect. This detection looks for suspicious strings that indicate a potential directory traversal attempt or command injection.
paloalto | appliance | globalprotect
Nasreddine Bencherchali (Nextron Systems) | Thu Apr 18 2024