Hi, it's been a while. Long story short: below you'll find a few details about the post-auth bug I found in the Palo Alto CLI. Here we go...
Today we'll start here:
Intro
During the tests I used "the latest" available Palo Alto release (as of 19.01.2025 it was PA VM-ESX-11.1.4-h7). Due to a lack of command filtering, an authorized user is able to connect to the appliance over SSH and crash the 'cli' binary.
Environment
Similar to previous adventures: to prepare the local lab I used VMware (for the Palo Alto appliance) and VirtualBox (for Kali Linux).
Proof-of-concept
Below you'll find a small proof-of-concept file I created using python3 and netmiko:
As you can see, I used an approach similar to the one I used in the past (for example, for the Fortigate appliances).
Full code is available here.
Running the PoC:
The results are visible in the appliance logs (to show them, use the command:
$ tail mp-log messages).
Example output is presented below:
Content of the "/cores/" directory:
More details from the logs:
Remember to use it only for legal purposes! ;)




