CVE-2024-3400
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
In summary
A flaw in the GlobalProtect feature of Palo Alto Networks PAN-OS lets unauthenticated attackers create files on the firewall and inject commands to take full control of the device with administrator access.
Technical detail
A remote, unauthenticated attacker can exploit improper input validation (CWE-20) and command injection (CWE-77) in GlobalProtect to create arbitrary files on the firewall, resulting in OS command execution with root privileges. Exploitation requires specific PAN-OS versions and particular configurations; Cloud NGFW, Panorama and Prisma Access are not affected.
Summary generated and translated by AI from the official description.
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Palo Alto Networks · Cloud NGFW
Palo Alto Networks · PAN-OS
Palo Alto Networks · Prisma Access
Public PoCs found: 43
github · github.com/h4x0r-dz/CVE-2024-3400 · ★ 161
github · github.com/W01fh4cker/CVE-2024-3400-RCE-Scan · ★ 90
github · github.com/0x0d3ad/CVE-2024-3400 · ★ 70
github · github.com/ihebski/CVE-2024-3400 · ★ 33
github · github.com/Chocapikk/CVE-2024-3400 · ★ 15
github · github.com/momika233/CVE-2024-3400 · ★ 13
github · github.com/Yuvvi01/CVE-2024-3400 · ★ 11
github · github.com/ak1t4/CVE-2024-3400 · ★ 9
github · github.com/AdaniKamal/CVE-2024-3400 · ★ 7
github · github.com/schooldropout1337/CVE-2024-3400 · ★ 6
github · github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection · ★ 6
github · github.com/zam89/CVE-2024-3400-pot · ★ 6
github · github.com/retkoussa/CVE-2024-3400 · ★ 5
github · github.com/HackingLZ/panrapidcheck · ★ 2
github · github.com/CerTusHack/CVE-2024-3400-PoC · ★ 2
github · github.com/ZephrFish/CVE-2024-3400-Canary · ★ 2
github · github.com/swaybs/CVE-2024-3400 · ★ 2
github · github.com/marconesler/CVE-2024-3400 · ★ 2
github · github.com/CONDITIONBLACK/CVE-2024-3400-POC · ★ 1
github · github.com/Zedocun/PAN-OS-CVE-2024-3400-Command-Injection-Investigation · ★ 1
github · github.com/wa6n3r/CVE-2024-3400 · ★ 1
github · github.com/hashdr1ft/SOC274-Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400 · ★ 1
github · github.com/sxyrxyy/CVE-2024-3400-Check · ★ 0
github · github.com/Ravaan21/CVE-2024-3400 · ★ 0
github · github.com/tfrederick74656/cve-2024-3400-poc · ★ 0
github · github.com/pwnj0hn/CVE-2024-3400 · ★ 0
github · github.com/MurrayR0123/CVE-2024-3400-Compromise-Checker · ★ 0
github · github.com/Kr0ff/cve-2024-3400 · ★ 0
github · github.com/MrR0b0t19/CVE-2024-3400 · ★ 0
github · github.com/terminalJunki3/CVE-2024-3400-Checker · ★ 0
github · github.com/LoanVitor/CVE-2024-3400- · ★ 0
github · github.com/andrelia-hacks/CVE-2024-3400 · ★ 0
github · github.com/ivan-n0v/cve-2024-3400 · ★ 0
github · github.com/workshop748/CVE-2024-3400 · ★ 0
github · github.com/CyprianAtsyor/letsdefend-cve2024-3400-case-study · ★ 0
github · github.com/CyberBibs/SOC274---Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400- · ★ 0
github · github.com/Yafiah-Darwesh/cs50-cyber-paloalto-oauth · ★ 0
github · github.com/index2014/CVE-2024-3400-Checker · ★ 0
github · github.com/FoxyProxys/CVE-2024-3400 · ★ 0
github · github.com/hahasagined/CVE-2024-3400 · ★ 0
github · github.com/codeblueprint/CVE-2024-3400 · ★ 0
github · github.com/P4rC3L/Global-Protect_VPN_Vuln · ★ 0
exploitdb · www.exploit-db.com/exploits/51996 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://security.paloaltonetworks.com/CVE-2024-3400
https://unit42.paloaltonetworks.com/cve-2024-3400/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3400
https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/