Palo Alto PAN-OS Command Injection and Arbitrary File Creation

vendor:

PAN-OS

by:

Kr0ff

6.1

CVSS

HIGH

Command Injection and Arbitrary File Creation

CWE

Product Name: PAN-OS

Affected Version From: PAN-OS 10.2 < 10.2.9-h1

Affected Version To: PAN-OS 11.1 < 11.1.2-h3

Patch Exists: NO

Related CWE: CVE-2024-3400

CPE: o:paloaltonetworks:pan_os:10.2.9-h1

Metasploit:

Other Scripts: https://www.infosecmatter.com/list-of-metasploit-windows-exploits-detailed-spreadsheet/, https://www.infosecmatter.com/nessus-plugin-library/?id=11197

Platforms Tested: Debian

2024

Palo Alto PAN-OS Command Injection and Arbitrary File Creation

The Palo Alto PAN-OS versions prior to 11.1.2-h3 are vulnerable to command injection and arbitrary file creation. An attacker can exploit this vulnerability to execute arbitrary commands and create files on the target system. This vulnerability has been assigned the CVE ID CVE-2024-3400.

Mitigation:

Update to version 11.1.2-h3 or later to mitigate this vulnerability. Avoid exposing vulnerable systems to untrusted networks.

Source

Palo Alto PAN-OS Command Injection and Arbitrary File Creation

Mitigation:

Exploit-DB raw data: