
CVE-2019-1581 Remote code execution in PAN-OS SSH management interface

Severity 9.8 · CRITICAL
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

Description

Palo Alto Networks is aware of a remote code execution vulnerability in the PAN-OS SSH device management interface that can allow unauthenticated remote users with network access to the SSH management interface to gain root access to PAN-OS (Ref: PAN-123564 / CVE-2019-1581).

Successful exploitation will allow a remote, unauthenticated user to execute arbitrary code by crafting and sending a malicious message to the SSH device management interface.

This issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.

Product Status

PAN-OS

Versions    Affected      Unaffected
9.0         <= 9.0.3      >= 9.0.3-h3
8.1         <= 8.1.9      >= 8.1.9-h4
8.0         <= 8.0.19     >= 8.0.19-h1
7.1         <= 7.1.24     >= 7.1.24-h1

Severity: CRITICAL

CVSSv3.1 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-20 Improper Input Validation

Solution

This issue is fixed in PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.
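
The following is an added example, not part of the advisory and not Palo Alto Networks code: it checks a firewall inventory against the fixed versions listed above, including the hotfix (`-hN`) ordering within a release. The function names, the `not-listed` status, the sample hostnames and the decision to treat intermediate hotfix builds (such as 9.0.3-h1) as affected are assumptions.

```python
import re

# First fixed build per release branch, taken from the advisory's table.
FIXED = {
    (9, 0): (9, 0, 3, 3),    # 9.0.3-h3
    (8, 1): (8, 1, 9, 4),    # 8.1.9-h4
    (8, 0): (8, 0, 19, 1),   # 8.0.19-h1
    (7, 1): (7, 1, 24, 1),   # 7.1.24-h1
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Parse 'major.minor.patch[-hN]' into a 4-tuple; no hotfix suffix means N = 0."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))

def cve_2019_1581_status(version_text):
    """Return 'affected', 'fixed', or 'not-listed' for one version string."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"   # branch is outside the advisory's table
    # Assumption: builds between the listed affected release and the first
    # fixed hotfix (e.g. 9.0.3-h1) are treated as affected.
    return "fixed" if version >= fixed else "affected"

def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: cve_2019_1581_status(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    sample = {
        "fw-edge-01": "9.0.3",
        "fw-edge-02": "9.0.3-h3",
        "fw-dc-01": "8.1.9-h1",
        "fw-lab-01": "8.0.20",
        "fw-old-01": "7.0.19",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host:12} {sample[host]:10} {status}")
```

Version strings that do not match `major.minor.patch[-hN]` raise `ValueError`, so they are flagged for manual review rather than silently classified.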

Workarounds and Mitigations

This issue affects the SSH management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interfaces. Our best practices guidelines reduce the exposure of device management interfaces to potential attacke...

Acknowledgments

The UK's National Cyber Security Centre (NCSC)