CVE-2024-3400
Tags: CRITICAL, KEV, RANSOMWARE, NUCLEI
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
Title source: metasploit
Exploitation Summary
CVE-2024-3400 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 12, 2024, with confirmed use in ransomware campaigns.
EIP tracks 52 public exploits from researchers including Kr0ff, h4x0r-dz and W01fh4cker, among them a Metasploit module, exploits/linux/http/panos_telemetry_cmd_exec.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit leverages a command injection vulnerability in Palo Alto PAN-OS by manipulating the SESSID cookie to execute arbitrary commands via a crafted HTTP request. It includes both a vulnerability check and an exploitation module.
Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Exploits (52)
This exploit leverages a command injection vulnerability in Palo Alto PAN-OS by manipulating the SESSID cookie to execute arbitrary commands via a crafted HTTP request. It includes both a vulnerability check and an exploitation module.
The repository provides a functional proof-of-concept for CVE-2024-3400, demonstrating an OS command injection vulnerability in Palo Alto GlobalProtect. It includes HTTP request examples that exploit a path traversal and command injection flaw in the `/ssl-vpn/hipreport.esp` endpoint, allowing arbitrary file creation and command execution with root privileges.
This repository contains a functional exploit for CVE-2024-3400, a command injection vulnerability in Palo Alto GlobalProtect. The script crafts a malicious HTTP request with a base64-encoded command in the Cookie header to trigger RCE and verifies exploitation by checking for a created file.
The repository contains a functional exploit for CVE-2024-3400, demonstrating an OS command injection vulnerability in Palo Alto Networks' SSL VPN (hipreport.esp endpoint). The exploit generates a reverse shell via a crafted curl command with base64-encoded payload injection.
The repository contains a functional exploit for CVE-2024-3400, a command injection vulnerability in Palo Alto Networks PAN-OS. It includes a Nuclei template and HTTP request examples to test for path traversal and RCE via crafted SESSID cookies.
This repository contains a functional Python exploit for CVE-2024-3400, targeting a directory traversal vulnerability in Palo Alto Networks devices to achieve remote code execution (RCE). The exploit includes both single-target and bulk-scanning capabilities, with reverse shell functionality.
The repository contains a malicious Python script that writes a base64-encoded payload to a system file, which executes arbitrary code. The payload is obfuscated and includes functionality to delete itself and other system files, indicating deceptive intent.
This repository contains a functional Python exploit for CVE-2024-3400, a command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect. The exploit sends a crafted XML payload to the firewall's API endpoint to achieve remote code execution.
This repository contains a functional exploit script for CVE-2024-3400, a file write vulnerability in Palo Alto GlobalProtect. The script automates the process of identifying vulnerable instances and writing arbitrary files via crafted HTTP requests.
The repository contains a Python script that scans for PAN-OS versions by analyzing HTTP response headers from static resources, but does not include exploit code for CVE-2024-3400. It relies on a version table to infer software versions.
This repository contains a functional exploit PoC for CVE-2024-3400, targeting Palo Alto Networks GlobalProtect. The exploit simulates a malicious server that logs and captures suspicious requests, including directory traversal and command injection attempts in cookies.
This repository contains a functional proof-of-concept for CVE-2024-3400, demonstrating an OS command injection vulnerability in Palo Alto GlobalProtect. The exploit leverages a path traversal in the SESSID cookie to write a file to the filesystem with root privileges.
This repository contains functional exploit code for CVE-2024-3400, a command injection vulnerability in Palo Alto Networks PAN-OS. The exploit leverages arbitrary file creation and OS command injection via crafted HTTP requests to achieve remote code execution with root privileges.
This repository contains a functional PoC for CVE-2024-3400, a command injection vulnerability in Palo Alto GlobalProtect. The exploit leverages a path traversal in the `SESSID` cookie to write a file to the server and verify its presence, confirming vulnerability.
The PoC exploits CVE-2024-3400 by injecting a command into the SESSID cookie, which is then decoded and executed via a base64-encoded payload. The exploit targets a command injection vulnerability in the GlobalProtect login endpoint.
This repository contains a Python script designed to parse Palo Alto Networks support files for indicators of compromise (IoCs) related to CVE-2024-3400. It extracts logs and searches for patterns associated with the vulnerability, such as unmarshal errors and known malicious IPs/hosts.
This repository contains a functional Python exploit for CVE-2024-3400, targeting Palo Alto GlobalProtect firewalls with telemetry enabled. The exploit leverages command injection via a maliciously crafted session cookie to achieve remote code execution (RCE) or configuration file exfiltration.
This repository contains a Python script that checks for evidence of CVE-2024-3400 exploitation on Palo Alto Networks firewalls by searching for specific log patterns. It does not exploit the vulnerability but scans for indicators of compromise.
The repository contains a Docker setup script for a Palo Alto firewall environment but lacks any actual exploit code or technical details about CVE-2024-3400. It references a non-existent 'exploit.py' script.
This repository provides a detailed walkthrough of investigating and responding to a Palo Alto Networks PAN-OS command injection vulnerability (CVE-2024-3400). It includes step-by-step analysis, log inspection, and incident response procedures but does not contain functional exploit code.
This repository contains a functional Python script that tests for CVE-2024-3400, a remote code execution vulnerability in Palo Alto Networks GlobalProtect portals. The script crafts a malicious cookie payload with a base64-encoded command and checks for command execution by analyzing the HTTP response.
The repository contains a functional Python script that exploits CVE-2024-3400, a path traversal vulnerability in Palo Alto Networks GlobalProtect VPN. The script sends crafted requests to check for the presence of a file via directory traversal, confirming vulnerability if the file is accessible.
The repository contains a Python script that scans for CVE-2024-3400 by sending crafted HTTP requests to check for file existence and readability, indicating potential vulnerability in Palo Alto GlobalProtect VPN. It does not exploit the vulnerability but detects it.
The repository contains a Python script that scans for CVE-2024-3400 by sending crafted requests to check for file existence and readability, indicating potential vulnerability in Palo Alto GlobalProtect VPN. It does not exploit the vulnerability but detects it.
This repository contains a functional exploit for CVE-2024-3400, targeting Palo Alto Networks PAN-OS devices. The exploit leverages command injection via a crafted cookie header to achieve remote code execution (RCE) by copying a sensitive configuration file to a web-accessible directory.
This repository provides a detailed technical analysis of a CVE-2024-3400 command injection attempt, including payload analysis, attack timeline, and impact assessment. It documents the investigation process with evidence from logs and network activity.
The repository claims to exploit CVE-2024-3400 with pseudoscientific jargon (e.g., 'Convergent Time Theory', 'temporal wedge filtering') but provides no actual exploit code or technical details about the vulnerability. The README is a marketing-style pitch with no functional PoC.
This repository contains a Python script designed to parse Palo Alto Networks (PAN-OS) support files for indicators of compromise (IoCs) related to CVE-2024-3400. It extracts logs and checks for patterns associated with the vulnerability, such as unmarshal errors and C2 IoCs, but does not exploit the vulnerability itself.
This repository contains Ansible playbooks to detect if a Palo Alto Networks firewall is vulnerable to CVE-2024-3400 and to apply mitigations (disabling telemetry) and upgrades. It does not include exploit code but provides automation for vulnerability assessment and remediation.
The repository provides a technical summary and presentation materials about CVE-2024-3400, detailing a misconfigured OAuth token validation vulnerability that allowed token forging and unauthorized access across multiple OAuth integrations, including Palo Alto, Cloudflare, and Zscaler.
This repository provides a detailed technical writeup of the investigation and remediation steps for CVE-2024-3400, a critical command injection vulnerability in Palo Alto Networks PAN-OS. It includes analysis of logs, threat intelligence, and containment strategies, but does not contain functional exploit code.
This repository provides a detailed incident investigation and threat analysis of CVE-2024-3400, a critical unauthenticated command injection vulnerability in Palo Alto Networks PAN-OS. It includes IOCs, exploit patterns, log evidence, and mitigation guidance, but does not contain functional exploit code.
This repository provides a functional proof-of-concept for CVE-2024-3400, a command injection vulnerability in Palo Alto firewalls. It includes HTTP request examples to create files and execute commands via crafted Cookie headers.
This repository contains a Python script that scans for CVE-2024-3400, a command injection vulnerability in PAN-OS. It uses external tools like httpx and subfinder to enumerate subdomains and check for vulnerability by sending a crafted request with a malicious cookie.
This repository contains a functional exploit for CVE-2024-3400, targeting Palo Alto Networks GlobalProtect VPN. The exploit leverages command injection via a crafted SESSID cookie to execute a reverse shell, demonstrating remote code execution (RCE).
This repository contains a functional exploit for CVE-2024-3400, a command injection vulnerability in Palo Alto GlobalProtect. The exploit uses a crafted SESSID cookie to execute arbitrary commands via the `hipreport.esp` endpoint, leading to remote code execution (RCE) and configuration file exfiltration.
This repository contains a bash script designed to detect indicators of compromise (IOCs) related to CVE-2024-3400 on Palo Alto Firewalls. It checks for exploit attempts in logs, suspicious files, and persistence mechanisms but does not include functional exploit code.
This repository contains a Python script designed to scan Palo Alto Networks tech support logs for indicators of compromise related to CVE-2024-3400. It searches for specific terms in log files within a .tar.gz archive but does not exploit the vulnerability.
This repository contains a functional Python exploit for CVE-2024-3400, a command injection vulnerability in Palo Alto GlobalProtect. The exploit includes both a vulnerability checker and a command execution module, leveraging cookie manipulation to achieve arbitrary command execution.
This Python script tests for CVE-2024-3400 by attempting an arbitrary file upload to a Palo Alto device via a crafted POST request with a manipulated Cookie header. It verifies vulnerability by checking if the uploaded file can be retrieved.
The repository contains a functional exploit PoC for CVE-2024-3400, which targets Palo Alto Networks devices. The script sends crafted HTTP requests to create and verify a file, confirming vulnerability by checking for specific HTTP status codes.
This repository contains a Python script that checks for CVE-2024-3400 by sending a POST request to `/ssl-vpn/hipreport.esp` with a crafted cookie and then attempting to access a typically forbidden file via a GET request. It does not execute arbitrary code but confirms vulnerability by detecting a 403 bypass.
The repository contains functional exploit code for CVE-2024-3400, a path traversal vulnerability in Palo Alto GlobalProtect. The PoC sends a crafted request to write a file via a malicious cookie and verifies vulnerability by checking for the file's existence.
This repository contains a functional PoC for CVE-2024-3400, a directory traversal vulnerability in Palo Alto GlobalProtect. The exploit sends a crafted HTTP request with a malicious cookie to read arbitrary files from the server.
This repository contains a Python-based scanner for detecting CVE-2024-3400, a Palo Alto PAN-OS unauthenticated command injection vulnerability. It checks for vulnerability by attempting to write a file via a crafted cookie and verifying its existence.
The repository contains only a README with minimal details about CVE-2024-3400, lacking exploit code or technical analysis. It appears to be a placeholder or lure.
This repository contains a functional Go exploit for CVE-2024-3400, a command injection vulnerability in Palo Alto Networks' PAN-OS. The exploit sends a crafted XML payload to the PAN-OS API endpoint, allowing unauthenticated remote code execution with root privileges.
This repository contains a functional exploit PoC for CVE-2024-3400, targeting PAN-OS firewalls with GlobalProtect and device telemetry enabled. The exploit leverages a command injection vulnerability to execute arbitrary commands via crafted GET requests.
This Metasploit module exploits CVE-2024-3400, an unauthenticated remote code execution vulnerability in Palo Alto Networks PAN-OS. It leverages arbitrary file creation and command injection via malformed session cookies, with payload execution triggered by the telemetry service.
Nuclei Templates (1)
http.favicon.hash:-631559155 || http.favicon.hash:"-631559155" || cpe:"cpe:2.3:o:paloaltonetworks:pan-os"
icon_hash="-631559155"
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H