CVE-2019-1579
CVE-2019-1579
In short
A vulnerability in Palo Alto Networks PAN-OS allows an attacker to run malicious code on affected systems without needing a password, but only if GlobalProtect Portal or Gateway is turned on. This is serious because an attacker can take complete control of the device.
Technical detail
Unauthenticated remote code execution in PAN-OS versions 7.1.18 and earlier, 8.0.11-h1 and earlier, and 8.1.2 and earlier when GlobalProtect Portal or GlobalProtect Gateway Interface is enabled. The attack vector is network-based and requires no authentication or user interaction, allowing arbitrary code execution with system-level privileges.
Summary generated and translated by AI from the official description.
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Palo Alto Networks GlobalProtect Portal/Gateway Interfacepublic PoCs found — 2
githubgithub.com/securifera/CVE-2019-1579★ 63githubgithub.com/Elsfa7-110/CVE-2019-1579★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010https://security.paloaltonetworks.com/CVE-2019-1579https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1579http://www.securityfocus.com/bid/109310