Palo Alto Networks Security Advisories / CVE-2019-1579

CVE-2019-1579 Remote Code Execution in GlobalProtect Portal/Gateway Interface

047910
Severity 8.1 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH

Description

Palo Alto Networks is aware of the reported remote code execution (RCE) vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products. The issue is already addressed in prior maintenance releases. (Ref: CVE-2019-1579)

Successful exploitation of this issue allows an unauthenticated attacker to execute arbitrary code.

This issue affects PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier releases. PAN-OS 9.0 is not affected.

Product Status

VersionsAffectedUnaffected
PAN-OS 8.1<= 8.1.2>= 8.1.3
PAN-OS 8.0<= 8.0.11-h1>= 8.0.12
PAN-OS 7.1<= 7.1.18>= 7.1.19

Severity: HIGH

CVSSv3.1 Base Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-20 Improper Input Validation

Solution

PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later, and PAN-OS 8.1.3 and later releases.

Workarounds and Mitigations

If you have not already upgraded to the available updates listed above and cannot do so now, we recommend that you update to content release 8173, or the latest version, and confirm threat prevention is enabled and enforced on traffic that passes through the GlobalProtect portal and GlobalProtect Gateway interface.

Please see the customer advisory for more details here: https://live.paloaltonetworks.com/t5/Customer-Advisories/Action-Recommended-Recent-Security-Advisory-PAN-SA-2019-0020-Ref/ta-p/278505 .

You are not affected if you do not have GlobalProtect enabled.

© 2024 Palo Alto Networks, Inc. All rights reserved.