CVE-2019-1579 - OpenCVE

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/109310
https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
https://security.paloaltonetworks.com/CVE-2019-1579

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2019-07-19T21:12:19

Updated: 2024-08-04T18:20:28.309Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1579

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-19T22:15:11.557

Modified: 2024-07-24T16:58:14.647

Link: CVE-2019-1579

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Palo Alto Networks GlobalProtect Portal/Gateway Interface", "vendor": "n/a", "versions": [{"status": "affected", "version": "PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier, and PAN-OS 8.1.2 and earlier releases"}]}], "descriptions": [{"lang": "en", "value": "Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-17T16:03:48", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"name": "109310", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109310"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"}, {"tags": ["x_refsource_MISC"], "url": "https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/"}, {"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2019-1579"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "ID": "CVE-2019-1579", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Palo Alto Networks GlobalProtect Portal/Gateway Interface", "version": {"version_data": [{"version_value": "PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier, and PAN-OS 8.1.2 and earlier releases"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "109310", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109310"}, {"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"}, {"name": "https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/", "refsource": "MISC", "url": "https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/"}, {"name": "https://security.paloaltonetworks.com/CVE-2019-1579", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2019-1579"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:20:28.309Z"}, "title": "CVE Program Container", "references": [{"name": "109310", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/109310"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2019-1579"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2019-1579", "datePublished": "2019-07-19T21:12:19", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-08-04T18:20:28.309Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-07-10", "cisaExploitAdd": "2022-01-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Palo Alto Networks PAN-OS Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE3E26D2-9924-42E0-89B1-1F3874FDE477", "versionEndExcluding": "7.1.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "768CDC46-7810-4A40-A167-FC58DE9E0928", "versionEndExcluding": "8.0.12", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "D184BA3D-A3E5-4EF1-94CB-3879D93EA3D7", "versionEndExcluding": "8.1.3", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code."}, {"lang": "es", "value": "La ejecuci\u00f3n de c\u00f3digo remota en PAN-OS versi\u00f3n 7.1.18 y anteriores, PAN-OS versi\u00f3n 8.0.11-h1 y anteriores, y PAN-OS versi\u00f3n 8.1.2 y anteriores con GlobalProtect Portal o GlobalProtect Gateway Interface habilitados pueden permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario."}], "id": "CVE-2019-1579", "lastModified": "2024-07-24T16:58:14.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-19T22:15:11.557", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109310"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2019-1579"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}