How to Remedy CVE-2024-3400

How to Remedy CVE-2024-3400

Created On 04/23/24 21:42 PM - Last Modified 05/23/24 20:34 PM


This article describes the recommended remediation procedure for Palo Alto Networks Security Advisory - CVE-2024-3400 devices that were not remediated on or before April 25th, 2024.



  • An enhanced factory reset (“EFR”) procedure can be scheduled by opening a case through Customer Support (TAC). This procedure does not rely on the integrity of a potentially compromised device to initiate a reset, and is recommended for customers that:
  1. Have not applied the PAN-OS fixes or Threat Prevention signatures with vulnerability protection applied to the Global Protect interface (regardless of level of compromise) on or before April 25, 2024; or
  2. Are concerned about a persistent risk.
  • Customers using a VM series device should follow these remediation steps. 
  • After an EFR is performed, the following are recommended:
  1. Change the master key and elect for AES-256-GCM.
  2. Reset passwords, psk’s, keys, secrets, etc. (See the list of passwords and keys )
  3. Revoke and reissue all certificates with private-keys on PAN-OS; these certs-keys are on device > certificates (Revoke a certificate and generate a certificate ).

Customers who applied the previous recommended remediation steps on or before April 25, 2024 are believed to be at low risk of a persistent compromise.


  • Print
  • Copy Link

Choose Language