Palo Alto GlobalProtect Remote Code Execution Vulnerability Alert

On July 18, 2019, Palo Alto officially released a notice of a remote code execution vulnerability in the GlobalProtect Portal/Gateway interface (CVE-2019-1579), vendor advisory number PAN-SA-2019-0020. Given the number of users worldwide who run the product and the ports exposed on the Internet, a malicious attacker may develop an automated attack program for the vulnerability that implants a backdoor after successful exploitation.

According to analysis published on the Internet, CVE-2019-1579 is a format string vulnerability in the PAN SSL Gateway, which handles client/server SSL handshakes. It affects PAN-OS 7.1.18, PAN-OS 8.0.11, and PAN-OS prior to 8.1.2. Further vulnerability details are available in that published analysis.

Affected versions

  • PAN-OS 7.1.18 and earlier
  • PAN-OS 8.0.11 and earlier
  • PAN-OS 8.1.2 and earlier

Unaffected versions

  • PAN-OS 7.1.19 and later
  • PAN-OS 8.0.12 and later
  • PAN-OS 8.1.3 and later
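
To triage a fleet against the version ranges listed above, the following added example (not part of the original alert or any vendor tooling) classifies PAN-OS version strings from an inventory. The hostnames and inventory are constructed, and treating a hotfix build such as `8.0.11-h1` like its base maintenance release is an assumption, since the alert lists thresholds per maintenance release only.

```python
import re

# Last affected maintenance release per PAN-OS branch, as listed in this alert.
LAST_AFFECTED = {(7, 1): 18, (8, 0): 11, (8, 1): 2}

# PAN-OS version strings look like "8.0.11" or "8.0.11-h1" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def classify(version: str) -> str:
    """Return 'affected', 'unaffected', 'not-listed' or 'unparsed'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, maint = (int(m.group(i)) for i in (1, 2, 3))
    last_bad = LAST_AFFECTED.get((major, minor))
    if last_bad is None:
        # Branch not covered by the alert: review manually against the vendor advisory.
        return "not-listed"
    # Assumption: a hotfix build counts as its base maintenance release,
    # because the alert gives thresholds per maintenance release only.
    return "affected" if maint <= last_bad else "unaffected"


def triage(inventory: dict) -> dict:
    """Group hostnames (sorted) by classification."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(host)
    return result


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "gw-ams-01": "7.1.18",
    "gw-ams-02": "7.1.19",
    "gw-fra-01": "8.0.11-h1",
    "gw-fra-02": "8.0.12",
    "gw-nyc-01": "8.1.2",
    "gw-nyc-02": "8.1.3",
    "gw-sgp-01": "9.0.1",
    "gw-sgp-02": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:11s} {', '.join(hosts)}")
```

Hosts reported as `not-listed` or `unparsed` are not cleared by this check and need manual review.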

Solution

Public analysis and exploit code for this vulnerability have already emerged. It is recommended to apply the security update or a security hardening configuration as soon as possible.