Exploit for Palo Alto Networks GlobalProtect < PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3 - Unauthenticated Remote Code Execution (CVE-2024-3400)

Description:

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2024-3400.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-3400.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-3400
https://unit42.paloaltonetworks.com/cve-2024-3400/
https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-CVE-2024-3400/
https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
https://github.com/zam89/CVE-2024-3400-pot
https://github.com/ZephrFish/CVE-2024-3400-Canary