漏洞描述
Palo Alto Networks PAN-OS 是一款广泛应用于企业网络的防火墙操作系统。该漏洞存在于 PAN-OS 的 GlobalProtect 功能中,攻击者可以通过路径遍历字符串任意写入文件,并利用会话 ID 句柄中的命令注入,最终以 root 权限在防火墙上执行任意代码。该漏洞的 CVSS 评分为 10(严重),并已在野外被积极利用。
Palo Alto Networks PAN-OS /ssl-XXX/hipreport.esp 命令执行漏洞(CVE-2024-3400)
PoC代码
暂无相关漏洞推荐
- (CVE-2025-4617)Palo Alto Networks Prisma Browser截图控制绕过漏洞
- (CVE-2025-4618)Palo Alto Networks Prisma Browser敏感信息泄露漏洞
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2018-10141: Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
- POC CVE-2020-2036: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
- POC CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
- POC CVE-2024-9463: PaloAlto Networks Expedition - Remote Code Execution
- POC CVE-2025-0107: Palo Alto Networks Expedition - OS Command Injection
- POC limit-networkaccess-disabled: Limit Network Access to Selected Networks - Disabled
- POC CVE-2022-22242: Juniper Networks Junos OS 错误页面反射 XSS 漏洞
- POC CVE-2024-0012: Palo Alto Networks PAN-OS身份认证绕过导致RCE漏洞(CVE-2024-0012)
- POC versa-default-password: Versa Networks SD-WAN Application Default Login