支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-3400 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Palo Alto Networks PAN-OS 命令注入漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一款下一代防火墙软件。 Palo Alto Networks PAN-OS 10.2、11.0、11.1存在命令注入漏洞,该漏洞源于GlobalProtect 功能中存在命令注入漏洞,可能使未经身份验证的攻击者在防火墙上以 root权限执行任意代码。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
Palo Alto NetworksPAN-OS 10.2.0 ~ 10.2.9-h1 -
Palo Alto NetworksCloud NGFW--
Palo Alto NetworksPrisma Access--
二、漏洞 CVE-2024-3400 的公开POC
#POC 描述源链接神龙链接
1This script is designed to demonstrate the exploitation of vulnerabilities in PAN-OS firewalls. It sends a specially crafted payload to the firewall's API endpoint to execute arbitrary commands.https://github.com/DrewskyDev/CVE-2024-3400POC详情
2CVE-2024-3400 POC Remote Code Execution (RCE) Palo Alto Networks PAN-OS softwarehttps://github.com/bigsclowns/CVE-2024-3400-POCPOC详情
3Nonehttps://github.com/Yuvvi01/CVE-2024-3400POC详情
4CVE-2024-3400 Checkerhttps://github.com/shamo0/CVE-2024-3400POC详情
5Nonehttps://github.com/CerTusHack/CVE-2024-3400-PoCPOC详情
6Nonehttps://github.com/0x0d3ad/CVE-2024-3400POC详情
7Nonehttps://github.com/FoxyProxys/CVE-2024-3400POC详情
8Nonehttps://github.com/momika233/CVE-2024-3400POC详情
9CVE-2024-3400 POC Remote Code Execution (RCE) Palo Alto Networks PAN-OS softwarehttps://github.com/kerberoshacker/CVE-2024-3400-POCPOC详情
10Vulnerabilidad de palo alto https://github.com/MrR0b0t19/CVE-2024-3400POC详情
11A simple bash script to check for evidence of compromise related to CVE-2024-3400https://github.com/MurrayR0123/CVE-2024-3400-Compromise-CheckerPOC详情
12CVE-2024-3400 POC Remote Code Execution (RCE) Palo Alto Networks PAN-OS softwarehttps://github.com/kerberoshacker2/CVE-2024-3400-POCPOC详情
13CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtecthttps://github.com/AdaniKamal/CVE-2024-3400POC详情
14Nonehttps://github.com/LoanVitor/CVE-2024-3400-POC详情
15CVE-2024-3400 Palo Alto OS Command Injectionhttps://github.com/h4x0r-dz/CVE-2024-3400POC详情
16CVE-2024-3400https://github.com/W01fh4cker/CVE-2024-3400POC详情
17Nonehttps://github.com/CONDITIONBLACK/CVE-2024-3400-POCPOC详情
18Nonehttps://github.com/Chocapikk/CVE-2024-3400POC详情
19CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtecthttps://github.com/ihebski/CVE-2024-3400POC详情
20CVE-2024-3400-RCEhttps://github.com/W01fh4cker/CVE-2024-3400-RCEPOC详情
21A check program for CVE-2024-3400, Palo Alto PAN-OS unauthenticated command injection vulnerability. Palo Alto 防火墙 PAN-OS 远程命令注入检测程序。https://github.com/index2014/CVE-2024-3400-CheckerPOC详情
22CVE-2024-3400-RCEhttps://github.com/admi-n/CVE-2024-3400-RCE-copyPOC详情
23Have we not learnt from HoneyPoC?https://github.com/ZephrFish/CVE-2024-3400-CanaryPOC详情
24Global Protec Palo Alto File Write Exploithttps://github.com/ak1t4/CVE-2024-3400POC详情
25Simple POC for CVE-2024-3400https://github.com/phantomradar/cve-2024-3400-pocPOC详情
26CVE-2024-3400 : Palo Alto OS Command Injection - POChttps://github.com/retkoussa/CVE-2024-3400POC详情
27Nonehttps://github.com/schooldropout1337/CVE-2024-3400POC详情
28EDL for IPs attacking customers with CVE-2024-3400 https://github.com/hahasagined/CVE-2024-3400POC详情
29Simple Python code to check for arbitrary uploadinghttps://github.com/codeblueprint/CVE-2024-3400POC详情
30Python script to check Palo Alto firewalls for CVE-2024-3400 exploit attemptshttps://github.com/swaybs/CVE-2024-3400POC详情
31Nonehttps://github.com/sxyrxyy/CVE-2024-3400-CheckPOC详情
32CVE-2024-3400 POC written in Rust and Pythonhttps://github.com/Ravaan21/CVE-2024-3400POC详情
33Finding Palo Alto devices vulnerable to CVE-2024-3400.https://github.com/pwnj0hn/CVE-2024-3400POC详情
34CVE-2024-3400-RCEhttps://github.com/W01fh4cker/CVE-2024-3400-RCE-ScanPOC详情
35Extract useful information from PANOS support file for CVE-2024-3400https://github.com/HackingLZ/panrapidcheckPOC详情
36Exploit for CVE-2024-3400https://github.com/stronglier/CVE-2024-3400POC详情
37Python exploit and checker script for CVE-2024-3400 Palo Alto Command Injection and Arbitrary File Creationhttps://github.com/Kr0ff/cve-2024-3400POC详情
38Simple honeypot for CVE-2024-3400 Palo Alto PAN-OS Command Injection Vulnerabilityhttps://github.com/zam89/CVE-2024-3400-potPOC详情
39Check to see if your Palo Alto firewall has been compromised by running script againt support bundle. https://github.com/terminalJunki3/CVE-2024-3400-CheckerPOC详情
40Nonehttps://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-InjectionPOC详情
41Exploit for GlobalProtect CVE-2024-3400https://github.com/marconesler/CVE-2024-3400POC详情
42Nonehttps://github.com/andrelia-hacks/CVE-2024-3400POC详情
43Find rows contain specific IP addresses in large files and then, extract them. This tool make for investigating logs for cve-2024-3400https://github.com/tk-sawada/IPLineFinderPOC详情
44Nonehttps://github.com/iwallarm/cve-2024-3400POC详情
45Simple POC for CVE-2024-3400https://github.com/tfrederick74656/cve-2024-3400-pocPOC详情
46Attempt at making the CVE-2024-3400 initial exploit (for educational purposes)https://github.com/workshop748/CVE-2024-3400POC详情
47CVE-2024-3400 PAN-OS Vulnerability Scanner.https://github.com/nanwinata/CVE-2024-3400POC详情
48CVE-2024-3400的攻击脚本https://github.com/XiaomingX/CVE-2024-3400-pocPOC详情
49Nonehttps://github.com/drake044/SOC274-Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400POC详情
50Nonehttps://github.com/hashdr1ft/SOC274-Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400POC详情
51A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3400.yamlPOC详情
52Detection, analysis, and response strategies for CVE-2024-3400 exploitation attempts targeting Palo Alto PAN-OS GlobalProtect portals. Includes IOCs, exploit patterns, and mitigation guidance.https://github.com/CyprianAtsyor/letsdefend-cve2024-3400-case-studyPOC详情
53An AI-powered tool to predict and prevent zero-day attacks on firewalls, like Palo Alto’s CVE-2024-3400. Uses Python, Wireshark, MITRE ATT&CK datasets, and Docker for real-time anomaly detection.https://github.com/Rohith-Reddy-Y/Zero-Day-Vulnerability-Exploitation-Detection-ToolPOC详情
54Nonehttps://github.com/CyberBibs/SOC274---Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400-POC详情
55CS50 Cybersecurity final project — Palo Alto OAuth token breach (CVE-2024-3400)https://github.com/Yafiah-Darwesh/cs50-cyber-paloalto-oauthPOC详情
56CVE-2024-3400的攻击脚本https://github.com/GhassanSabir/CVE-2024-3400-pocPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2024-3400 的情报信息
Please 登录 to view more intelligence information
四、漏洞 CVE-2024-3400 的评论

暂无评论

发表评论