module
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
| Disclosed | Created |
|---|---|
| 2024-04-12 | 2024-04-19 |
Disclosed
2024-04-12
Created
2024-04-19
Description
This module exploits two vulnerabilities in Palo Alto Networks PAN-OS that
allow an unauthenticated attacker to create arbitrarily named files and execute
shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or
GlobalProtect Portal enabled and telemetry collection on (default). Affected versions
include one hour to execute, depending on how often the telemetry service is set to run.
allow an unauthenticated attacker to create arbitrarily named files and execute
shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or
GlobalProtect Portal enabled and telemetry collection on (default). Affected versions
include one hour to execute, depending on how often the telemetry service is set to run.
Authors
remmons-r7
sfewer-r7
sfewer-r7
Platform
Linux,Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.