# CVE-2024-3400


# Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
# CVE-2024-3400 Nuclei Template for Palo Alto PAN-OS Vulnerability
This repository contains a Nuclei template that detects CVE-2024-3400 in Palo Alto PAN-OS.
Comprehensive research on this vulnerability was published by:
- [1] https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
- [2] https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
## Vulnerabilities Detected
- **0 Byte File Creation**: The Bash script checks, via a curl request, whether a 0-byte file can be created.
- **OS Command Injection**: The Nuclei Template detects potential OS command injection vulnerabilities.
## Usage
### Bash Script
Execute the following command to run the Bash script:
```sh
./CVE-2024-3400.sh http://target
# or
sh CVE-2024-3400.sh http://target
```
The script will check if a file is created (returning a 200 OK status). If successful, it will then verify if the file exists (returning a 403 Forbidden status).
### Nuclei Template - telemet.yaml
1. Start an Interact Server:
```sh
interactsh-client -v
```
2. Run the Nuclei Template:
```sh
nuclei -t ./CVE20243400.yaml -u http://target -V telemetry=xyz.oast.fun -debug
```
3. Boom Boom Template! (GET subdomain from https://dig.pm)
```sh
nuclei -t ./telemet.yaml -l pa-urls.txt -V telemetry=subdomain.ipv6.1433.eu.org
```
## Potential Targets
A list of potential targets can be found [here](https://en.fofa.info/result?qbase64=YmFubmVyPSJHbG9iYWwgUHJvdGVjdCI%3D).
```sh
python fofax3r.py
```
## Author
- **Author**: 자전거, 自転車, 自行车
File snapshot
[4.0K] /data/pocs/ac0485caad41e12ed249553a7fa8925c81d50963
├── [351K] CVE-2024-3400-Nuclei-Template.jpg
├── [140K] CVE-2024-3400-POC-1.jpg
├── [ 844] CVE-2024-3400.sh
├── [1.7K] CVE20243400.yaml
├── [1.7K] fofax3r.py
├── [2.4K] README.md
└── [ 733] telemet.yaml
0 directories, 7 files