PAN-OS GlobalProtect Endpoint Probe (CVE-2024-3400) for 2026-02-22

Last Updated: 12:00 UTC

CVE-2024-3400 is a command injection in Palo Alto PAN-OS GlobalProtect (CVSS 10.0) allowing unauthenticated RCE via the prelogin endpoint. Exploitation was observed in the wild before the patch was available. Scanners probe /global-protect/prelogin.esp and /login.esp to fingerprint GlobalProtect gateways prior to exploitation.

CVE References

CVE-2024-3400

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

• /global-protect/login.esp

Attackers by Country

IP Address : ASN : City/Provider

• 193.142.147.81 : AS208046 maximilian kutzner : Germany

• 93.123.118.208 : AS43561 net1 ltd. : Sofia