Skip to Main Content
Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and
follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.

🥴 See something off? Open a support chat to let us know.

Categories Palo Alto
Created by Austin Unger
Created on Apr 15, 2024

Palo Alto | CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect

This metric will be used to detect affected versions for the below CVE. The metric will return true or false if the system is running an affected version.

This issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Hotfixes for other commonly deployed maintenance releases will also be made available to address this issue. Please see details below for ETAs regarding the upcoming hotfixes.

PAN-OS 10.2:

- 10.2.9-h1 (Released 4/14/24)

- 10.2.8-h3 (ETA: 4/15/24)

- 10.2.7-h8 (ETA: 4/15/24)

- 10.2.6-h3 (ETA: 4/15/24)

- 10.2.5-h6 (ETA: 4/16/24)

- 10.2.3-h13 (ETA: 4/17/24)

- 10.2.1-h2 (ETA: 4/17/24)

- 10.2.2-h5 (ETA: 4/18/24)

- 10.2.0-h3 (ETA: 4/18/24)

- 10.2.4-h16 (ETA: 4/19/24)

PAN-OS 11.0:

- 11.0.4-h1 (Released 4/14/24)

- 11.0.3-h10 (ETA: 4/15/24)

- 11.0.2-h4 (ETA: 4/16/24)

- 11.0.1-h4 (ETA: 4/17/24)

- 11.0.0-h3 (ETA: 4/18/24)

PAN-OS 11.1:

- 11.1.2-h3 (Released 4/14/24)

- 11.1.1-h1 (ETA: 4/16/24)

- 11.1.0-h3 (ETA: 4/17/24)


(contains(SystemInfo.“sw-version”, ‘10.’ ) && version_compare(SystemInfo.“sw-version”, ‘<’, ‘10.2.9’)) || (contains(SystemInfo.“sw-version”, ‘11.0.’ ) && version_compare(SystemInfo.“sw-version”, ‘<’, ‘11.0.4’)) || (contains(SystemInfo.“sw-version”, ‘11.1.’ ) && version_compare(SystemInfo.“sw-version”, ‘<’, ‘11.1.2’))

  • Attach files
  • Matthew Evans
    Apr 16, 2024

    Since disabled Telemetry or no GlobalProtect portal is also a workaround for this issue, is there any way for Liongard to detect if both Telemetry and GlobalProtect portal are enabled in addition to the version check above?