Palo Alto GlobalProtect Remote Code Execution Vulnerability Alert
On July 18, 2019, Palo Alto officially released a notice of a remote code execution vulnerability in the GlobalProtect Portal/Gateway interface (CVE-2019-1579), vendor advisory number PAN-SA-2019-0020. Given the number of users worldwide who use the product and the number of ports exposed on the Internet, a malicious attacker may develop an automated attack program for the vulnerability that plants a backdoor automatically after successful exploitation.
According to analysis published on the Internet, CVE-2019-1579 is a format string vulnerability in the PAN SSL Gateway, which handles client/server SSL handshakes. It affects PAN-OS 7.1.18, PAN-OS 8.0.11, and PAN-OS prior to 8.1.2. Related vulnerability information is available in that published analysis.
Affected version
- PAN-OS 7.1.18 and earlier
- PAN-OS 8.0.11 and earlier
- PAN-OS 8.1.2 and earlier
Unaffected version
- PAN-OS 7.1.19 and later
- PAN-OS 8.0.12 and later
- PAN-OS 8.1.3 and later
Solution
Public analysis and exploit code for this vulnerability have already emerged. It is recommended to perform security updates or apply a security hardening configuration as soon as possible.
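To decide which devices need the update first, the following added example (not part of the original advisory or any vendor tooling) triages an inventory of PAN-OS versions against the affected and unaffected lists above. The hostnames and versions in the sample are constructed, and treating `-hN` hotfix builds like their base maintenance release is an assumption.

```python
import re

# First fixed maintenance release per branch, from the "Unaffected version" list.
FIXED = {(7, 1): 19, (8, 0): 12, (8, 1): 3}

# major.minor.maintenance with an optional hotfix suffix such as "-h1".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version):
    """Return 'affected', 'unaffected', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maintenance = (int(g) for g in m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Branch is not named in the advisory: check it by hand, do not guess.
        return "not-listed"
    # Assumption: a hotfix build is classified like its base maintenance release.
    return "affected" if maintenance < fixed else "unaffected"


def triage(inventory):
    """Group hostnames by status; inventory is an iterable of (host, version)."""
    report = {}
    for host, version in inventory:
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = [
    ("gp-portal-01", "8.1.2"),
    ("gp-gw-02", "8.1.3"),
    ("gp-gw-03", "7.1.18"),
    ("gp-gw-04", "8.0.12-h1"),
    ("gp-gw-05", "9.0.1"),
    ("gp-gw-06", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Devices reported as `not-listed` or `unparseable` need a manual check against the vendor advisory rather than being assumed safe.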