maoning
commented
2 months ago Hi @secureness,
Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.
Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.
Thanks!
PAN-OS Firewall is a popular firewall with more than 40K instances on the internet. the exploit is easy to trigger it is a simple post request. due to active exploitation, I think it is better to let me write a plugin for this vulnerability as soon as possible.
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ https://socradar.io/critical-os-command-injection-vulnerability-in-palo-altos-globalprotect-gateway-cve-2024-3400-the-patch-is-not-available-yet/