Palo Alto Networks Security Advisories / CVE-2019-1580

CVE-2019-1580 Memory Corruption in PAN-OS

Severity: 9.8 · CRITICAL
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Description

Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS (Ref: # PAN-123603/CVE-2019-1580).

Successful exploitation will allow a remote, unauthenticated user to craft a message to the Secure Shell Daemon (SSHD) and corrupt arbitrary memory.

This issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.

Product Status

Versions      Affected      Unaffected
PAN-OS 9.0    <= 9.0.3      >= 9.0.3-h3
PAN-OS 8.1    <= 8.1.9      >= 8.1.9-h4
PAN-OS 8.0    <= 8.0.19     >= 8.0.19-h1
PAN-OS 7.1    <= 7.1.24     >= 7.1.24-h1

Severity: CRITICAL

CVSSv3.1 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Solution

This issue is fixed in PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.
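
The following is an added example, not part of the original advisory or any Palo Alto Networks tooling: a Python check that classifies an inventory of PAN-OS version strings against the fixed releases listed above. It assumes versions are written as X.Y.Z or X.Y.Z-hN, treats hotfixes below the first fixed one as affected, and uses constructed hostnames.

```python
import re

# First fixed release per branch, copied from the advisory's Product Status table.
FIRST_FIXED = {
    "9.0": "9.0.3-h3",
    "8.1": "8.1.9-h4",
    "8.0": "8.0.19-h1",
    "7.1": "7.1.24-h1",
}

# Assumed version syntax: major.minor.maintenance with an optional -hN hotfix.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?")


def parse(version):
    """Return (major, minor, maintenance, hotfix); a base release is hotfix 0."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    v = parse(version)
    fixed = FIRST_FIXED.get(f"{v[0]}.{v[1]}")
    if fixed is None:
        return "not-listed"  # branch absent from the advisory: make no claim
    # Assumption: an intermediate hotfix such as 9.0.3-h1 is not named in the
    # table, so anything below the first fixed release counts as affected.
    return "affected" if v < parse(fixed) else "fixed"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames are hypothetical.
    sample = {"fw-edge-1": "8.1.9", "fw-edge-2": "8.1.9-h4",
              "fw-lab": "9.0.3-h1", "fw-dc": "8.1.10"}
    for host, result in triage(sample).items():
        print(f"{host}: {result}")
```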

Workarounds and Mitigations

These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.

Acknowledgments

This issue was discovered by Nicholas Newsom of Palo Alto Networks during internal security review.
© 2020 Palo Alto Networks, Inc. All rights reserved.