Skip to content

schooldropout1337/CVE-2024-3400

Repository files navigation

CVE-2024-3400

POC

telemet

Description

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

CVE-2024-3400 Nuclei Template for Palo Alto PAN-OS Vulnerability

This repository contains a Nuclei Template designed to detect vulnerabilities related to Palo Alto PAN-OS bugs, specifically targeting CVE-2024-3400.

A comprehensive list of research was done by

[1] https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis

[2] https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

Vulnerabilities Detected

  • 0 Byte File Creation: This vulnerability allows for the creation of a 0-byte file via a Curl request in a Bash file.
  • OS Command Injection: The Nuclei Template detects potential OS command injection vulnerabilities.

Usage

Bash Script

Execute the following command to run the Bash script:

./CVE-2024-3400.sh http://target
or
sh CVE-2024-3400.sh http://target

The script will check if a file is created (returning a 200 OK status). If successful, it will then verify if the file exists (returning a 403 Forbidden status).

Nuclei Template - telemet.yaml

  1. Start an Interact Server:
interactsh-client -v
  1. Run the Nuclei Template:
nuclei -t ./CVE20243400.yaml -u http://target -V telemetry=xyz.oast.fun -debug
  1. Boom Boom Template! (GET subdomain from https://dig.pm)
nuclei -t ./telemet.yaml -l pa-urls.txt -V telemetry=subdomain.ipv6.1433.eu.org

Potential Targets

A list of potential targets can be found here.

python fofax3r.py

Author

  • Author: 자전거, 自転車, 自行车

This README.md provides information on the vulnerability, how to use the provided scripts, potential targets, and credits the author. Let me know if you need any further adjustments!

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published