Palo Alto – Putting the Protecc in GlobalProtect (CVE-2024-3400)

In April 2024, a nation-state actor exploited a flaw in an SSLVPN device. Palo Alto's OS is US government approved, yet the vulnerability CVE-2024-3400 was missed. The bug allows root access via command injection, but only if telemetry is enabled. By manipulating cookie values, attackers can write files to the system, and the command injection itself occurs through a Python script. A zero-byte file is created, which blocks content viewing. The exploited directory traversal bug enables unauthorized file creation. The flaw lies in a custom Python script used by Palo Alto, which shows the danger of mishandling user input. The investigation reveals security risks that stem from overlooked code execution vulnerabilities.

https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
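The two input-handling checks that the chain summarized above depends on being absent, written here as an added Python example (not code from the watchTowr write-up or from Palo Alto). The session-ID format, the directory names and the helper command are assumptions made for the illustration.

```python
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Assumption: session IDs are hex-and-hyphen tokens; the page does not give the real format.
SESSION_ID_RE = re.compile(r"[0-9a-fA-F-]{8,64}")

def session_file(base_dir, cookie_value):
    """Map a cookie-supplied session ID to a path that must stay inside base_dir."""
    if not SESSION_ID_RE.fullmatch(cookie_value):
        raise ValueError("session ID contains unexpected characters")
    base = Path(base_dir).resolve()
    target = (base / cookie_value).resolve()
    # Defence in depth: even a well-formed ID must resolve directly under base.
    if target.parent != base:
        raise ValueError("session path escapes the session directory")
    return target

def process_files(directory):
    """Hand each file name to a helper as an argv entry, never through a shell."""
    results = {}
    for entry in sorted(Path(directory).iterdir()):
        # List form with the default shell=False: metacharacters in the name stay data.
        proc = subprocess.run(
            [sys.executable, "-c", "import sys; print(sys.argv[1])", entry.name],
            capture_output=True, text=True, check=True)
        results[entry.name] = proc.stdout.rstrip("\n")
    return results

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        sessions, logs = Path(tmp) / "sessions", Path(tmp) / "logs"
        sessions.mkdir()
        logs.mkdir()
        ok = session_file(sessions, "3f2a9c1e-0000-4000-8000-123456789abc")
        ok.touch()  # zero-byte session file, created only after validation
        rejected = []
        for bad in ("../logs/x", "../logs/a$(id)", "a;b"):  # constructed inputs
            try:
                session_file(sessions, bad)
            except ValueError:
                rejected.append(bad)
        # Constructed zero-byte file whose name carries shell syntax.
        (logs / "a$(echo injected)").touch()
        return ok.name, rejected, process_files(logs)

if __name__ == "__main__":
    print(demo())
```

Either check alone breaks the chain: the first stops the cookie value from choosing where a file lands, the second stops a file name from being interpreted as a command.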
