POC详情: 2d8b6793e32ac959a46c048de7b2284b0e0ef441

来源
https://github.com/B1ack4sh/Blackash-CVE-2025-0108
关联漏洞
标题: Palo Alto Networks PAN-OS 安全漏洞 (CVE-2025-0108)
描述:Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS存在安全漏洞,该漏洞源于存在认证绕过漏洞,会影响PAN-OS完整性和保密性。
描述
CVE-2025-0108
介绍
# CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface 🔥

# Description:

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

# Metrics: 

CVSS 4.0 Severity and Vector Strings:

CNA:  Palo Alto Networks, Inc. CVSS-B 8.8 HIGH 🔴 Vector:  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Red

CVSS 3.x Severity and Vector Strings:

NIST: NVD Base Score: 9.1 CRITICAL ⚫ Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N


# Features:

+ Single URL Scanning: Check a single URL for vulnerability.
+ Batch URL Scanning: Check multiple URLs from a text file.
+ Logging: Logs results to both the console and a log file (scan_results.log).
+ Timeout Handling: Prevents the script from hanging indefinitely with the timeout parameter for HTTP requests.
+ Detailed Reporting: Outputs detailed information including status codes and responses.
+ Error Handling: Handles connection issues, timeouts, and other exceptions gracefully.

# Requirements:

+ Python 3.x
+ Requests library (pip install requests)

# 🛠️ Nuclei Usage:

```
sudo nuclei -t CVE-2025-0108.yaml -u <target-url>
```

# Usage:

```
sudo python3 CVE-2025-0108.py -u http://example.com
```

```
sudo python3 CVE-2025-0108.py -f urls.txt
```

# Disclaimer ⚠️

For educational and research purposes only. Use only against systems you own or have permission to test...
文件快照

 [4.0K]  /data/pocs/2d8b6793e32ac959a46c048de7b2284b0e0ef441
├── [2.8K]  CVE-2025-0108.py
├── [ 856]  CVE-2025-0108.yaml
└── [2.1K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。