# CVE-2024-3400 Vulnerability Checker
## Description
CVE-2024-3400 represents a critical command injection vulnerability in several versions of PAN-OS, the operating system for Palo Alto Networks firewalls. This vulnerability, rated CVSS 10, allows unauthenticated attackers to execute arbitrary code with root privileges. It affects PAN-OS versions 10.2, 11.0, and 11.1 under specific configurations involving GlobalProtect gateway and device telemetry. The vulnerability has been exploited in a limited number of attacks and remains unpatched as of its discovery date, April 12, 2024, with patches anticipated by April 14, 2024.
This script provides a means to check if a specific firewall under your management might be vulnerable to CVE-2024-3400. It automates the process of sending a specially crafted XML payload to the target firewall and checking for a successful response that would indicate a vulnerability.
### Usage
To use this script, you must have `curl` installed on your system. The script accepts command-line arguments for the target IP, the payload, and an optional Root CA certificate if SSL verification is needed.
### Basic Command
```
./vulnerability_checker.sh -t <target_ip> -p <payload> [-c <root_ca_path>]
```
### Parameters
* `-t`: Target IP address of the firewall to be checked.
* `-p`: Payload to send in the request. Ensure that this is crafted to test for the vulnerability without causing harm.
* `-c`: (Optional) Path to the Root CA certificate for SSL verification if your environment requires secure connections.
### Example
```
./vulnerability_checker.sh -t 192.168.1.100 -p '<your_test_payload>' -c '/path/to/ca.pem'
```
This command sends the specified payload to the firewall at 192.168.1.100, using the CA certificate provided for SSL verification.
## Mitigation Guidance
For those affected, the following mitigations are recommended:
* Threat Prevention: Enable Threat ID 95187 in Palo Alto Networks devices with a Threat Prevention subscription.
* Disable Device Telemetry: Temporarily disable device telemetry until the device can be upgraded to a patched version of PAN-OS.
* Patch: Apply the upcoming patches as soon as they become available (expected by April 14, 2024).
Further details can be found in the advisories by Palo Alto Networks and Volexity.
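
The affected-version and mitigation conditions above can also be applied to an inventory export without sending anything to a device. The following is an added example, not part of this project's script: the CSV field order, hostnames and status labels are constructed for illustration. It cannot tell whether a build inside an affected release train is already patched, because this page lists no fixed build numbers.

```shell
#!/bin/sh
# Added example: passive CVE-2024-3400 exposure triage from an inventory export.
# Field order and status labels are assumptions, not a PAN-OS or vendor format.

# classify VERSION GP_GATEWAY TELEMETRY THREAT_ID_95187   (flags are yes/no)
classify() {
    version=$1 gp=$2 telemetry=$3 threat_id=$4
    # Release trains named as affected on this page: 10.2, 11.0, 11.1.
    case "$version" in
        10.2|10.2.*|11.0|11.0.*|11.1|11.1.*) ;;
        *) echo "not-affected-train"; return 0 ;;
    esac
    # The page ties exposure to a GlobalProtect gateway plus device telemetry.
    if [ "$gp" != yes ]; then
        echo "affected-train-no-gateway"; return 0
    fi
    # Mitigation from the list above: device telemetry disabled.
    if [ "$telemetry" != yes ]; then
        echo "mitigated-telemetry-off"; return 0
    fi
    # Mitigation from the list above: Threat ID 95187 enabled.
    if [ "$threat_id" = yes ]; then
        echo "mitigated-threat-id-95187"; return 0
    fi
    echo "exposed"
}

# Read CSV rows on stdin and print "host status"; blank and # lines are skipped.
triage() {
    while IFS=, read -r host version gp telemetry threat_id; do
        case "$host" in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$host" \
            "$(classify "$version" "$gp" "$telemetry" "$threat_id")"
    done
}

# Constructed sample inventory (not real devices).
sample_inventory() {
cat <<'EOF'
# host,panos_version,gp_gateway,telemetry,threat_id_95187
fw-edge-01,10.2.7,yes,yes,no
fw-edge-02,11.1.0,yes,no,no
fw-dc-01,11.0.3,no,yes,no
fw-lab-01,10.1.11,yes,yes,no
fw-edge-03,11.1.2,yes,yes,yes
EOF
}

sample_inventory | triage
```

Devices reported as mitigated still need the patched PAN-OS release; the status only records which temporary measure from the list above is in place.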
## More Information
Palo Alto Networks Advisory: https://security.paloaltonetworks.com/CVE-2024-3400