CVE-2020-2038 PoC — PAN-OS: OS command injection vulnerability in the management web interface

Source

Associated Vulnerability

Description

Exploit to capitalize on vulnerability CVE-2020-2038.

Readme

# CVE-2020-2038
Exploit to capitalize on vulnerability CVE-2020-2038.

According to Palo Alto Networks:
_An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges._

This issue impacts:<br />
PAN-OS 9.0 versions earlier than 9.0.10<br />
PAN-OS 9.1 versions earlier than 9.1.4<br />
PAN-OS 10.0 versions earlier than 10.0.1<br />

# Demo
[![demo](https://raw.githubusercontent.com/und3sc0n0c1d0/CVE-2020-2038/main/demo.gif)]

# Credits
All credits go to Mikhail Klyuchnikov and Nikita Abramov of Positive Technologies who are the researchers who discovered this vulnerability.
More info: <a href="https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/" target="_blank">https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/</a>

File Snapshot

 [4.0K]  /data/pocs/48a1c0bfcb85c524ed4db39a724880d021854c73
├── [2.6K]  CVE-2020-2038.py
├── [755K]  demo.gif
├── [ 872]  README.md
└── [  19]  requirements.txt

0 directories, 4 files

Remarks