Create Palo-alto-panos createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012)(CVE-2024-9474).md

This commit is contained in:
Goby 2024-11-20 20:44:28 +08:00 committed by GitHub
parent c506b92a39
commit 2609472261
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -0,0 +1,12 @@
**Updated document date: November 20, 2024**
## palo-alto-panos /php/utils/createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012/CVE-2024-9474)
| **Vulnerability** | palo-alto-panos /php/utils/createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012/CVE-2024-9474)|
| :----: | :-----|
| **Chinese name** | palo-alto-panos /php/utils/createRemoteAppwebSession.php 命令执行漏洞CVE-2024-0012/CVE-2024-9474 |
| **CVSS core** | 9.50 |
| **FOFA Query** (click to view the results directly)| [body="Panos.browser.cookie.set" && body="Panos.browser.param"]
| **Number of assets affected** | 27,397 |
| **Description** |A command execution vulnerability exists in palo-alto-panos, allowing attackers to execute arbitrary commands via the /php/utils/createRemoteAppwebSession.php/.js.map path without authorization, potentially leading to full system control. |
![](https://s3.bmp.ovh/imgs/2024/11/20/849976b81da4b825.gif)