
CVE-2019-1582 Memory Corruption in PAN-OS

Severity: 7.2 · HIGH
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Description

Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS. (Ref: #PAN-123700 / CVE-2019-1582).

Successful exploitation of this issue may allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.

This issue affects PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier. PAN-OS 7.1 and 8.0 are NOT affected.

Product Status

PAN-OS

Versions   Affected    Unaffected
9.0        <= 9.0.3    >= 9.0.3-h3
8.1        <= 8.1.9    >= 8.1.9-h4

Severity: HIGH

CVSSv3.1 Base Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Solution

This issue is fixed in PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.
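
To check a firewall inventory against the affected and fixed versions listed in this advisory, the following added example (not Palo Alto Networks code) parses PAN-OS version strings with their hotfix suffix and classifies each one. It assumes versions of the form `major.minor.patch[-hN]`, treats hotfix builds below the fixed hotfix as affected, and reports release trains the advisory does not mention as `not-listed`; the function names and sample inventory are constructed for illustration.

```python
import re

# Fixed releases per release train, from the advisory's Product Status table.
FIXED = {(8, 1): (8, 1, 9, 4), (9, 0): (9, 0, 3, 3)}
# Release trains the advisory explicitly states are not affected.
NOT_AFFECTED_TRAINS = {(7, 1), (8, 0)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, patch, hotfix); hotfix is 0 without a -hN suffix."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def classify(text):
    """Return 'affected', 'unaffected' or 'not-listed' for CVE-2019-1582."""
    version = parse_panos_version(text)
    train = version[:2]
    if train in NOT_AFFECTED_TRAINS:
        return "unaffected"
    fixed = FIXED.get(train)
    if fixed is None:
        return "not-listed"  # the advisory makes no statement about this train
    # Assumption: hotfix builds between the last affected release and the
    # fixed hotfix (for example 8.1.9-h1) are treated as affected.
    return "unaffected" if version >= fixed else "affected"


def triage(inventory):
    """Map each hostname to its status; unparsable versions become 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"fw-a": "8.1.9", "fw-b": "8.1.9-h4", "fw-c": "9.0.3-h2",
              "fw-d": "8.0.12", "fw-e": "9.1.0", "fw-f": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```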

Workarounds and Mitigations

These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.

Acknowledgments

This issue was discovered by Nicholas Newsom of Palo Alto Networks during internal security review.