Exploit for Command Injection in Paloaltonetworks Pan-Os CVE-2024-3400

Name: Exploit for Command Injection in Paloaltonetworks Pan-Os CVE-2024-3400
Rating: 5 (153 reviews)

2024-04-27 | CVSS 7.5

## https://sploitus.com/exploit?id=4FF9C780-5604-5F08-8675-E134C577AA3E
# CVE-2024-3400
Exploit for GlobalProtect CVE-2024-3400

This exploit targets the original vulnerability, so the firewall must be running a vulnerable PAN-OS version and must have telemetry enabled.

Ref: https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

Sample RCE with remote connect back shell:
![req](img/request.png)

On remote host:
![list](img/listener.png)