This repository contains a Go script that exploits a Command Injection vulnerability in firewalls running Palo Alto Networks' PAN-OS operating system. The vulnerability, identified as CVE-2024-3400, allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
CVE-2024-3400 is a critical vulnerability affecting multiple versions of PAN-OS, including PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1, when configured with the GlobalProtect Gateway and/or GlobalProtect Portal features and device telemetry enabled. Successful exploitation of this vulnerability can result in the execution of arbitrary code on the firewall, potentially leading to complete compromise of the device.
The script in this repository is developed for educational and research purposes, aiming to demonstrate how the vulnerability can be exploited. It allows users to perform attacks against vulnerable PAN-OS firewalls by injecting custom payloads into them.
The script can be run in two ways: by entering values directly or by using a CSV file containing a list of targets. Here's how to use it:
- Ensure you have Go installed on your system.
- Clone this repository to your machine.
- Open a terminal and navigate to the directory where you cloned the repository.
- Run the script with the command
go run exploit.go
. - Choose option 'D' to enter values directly.
- Follow the prompts to enter the firewall's IP address, the payload to be executed, and the path to the root CA certificate, if required.
- Ensure you have Go installed on your system.
- Prepare a CSV file containing a list of targets you want to attack. The format should include three columns: firewall IP address, payload, and the path to the root CA certificate (optional).
- Clone this repository to your machine.
- Open a terminal and navigate to the directory where you cloned the repository.
- Run the script with the command
go run exploit.go
. - Choose option 'C' to use a CSV file.
- Enter the path to the CSV file when prompted.