Critical Remote Code Execution Flaw in Palo Alto Gateways | Update Palo Alto Gateway OS to Latest Version To Fix This Critical Vulnerability.

A remote code-execution (RCE) vulnerability (CVE-2019-1579) has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. It’s an unusual zero-day case, having been previously unknown but inadvertently fixed in later releases.

The vulnerability (CVE-2019-1579) is a format string vulnerability in the SSL Gateway, which handles client/server SSL handshakes. It's a critical bug because it allows an unauthenticated attacker to execute arbitrary code. It is recommended to update the Gateway OS as soon as possible.

First publicized by researchers Orange Tsai and Meh Chang last week, the bug was a previously unknown vulnerability, but later versions of Palo Alto’s products happen to be inoculated against it, meaning that up-to-date systems are not in danger.

The affected versions are

  • PAN-OS 7.1.18 and earlier
  • PAN-OS 8.0.11 and earlier
  • PAN-OS 8.1.2 and earlier

PAN-OS 9.0 is not affected.

The fixed versions are

  • PAN-OS 7.1.19 and later
  • PAN-OS 8.0.12 and later
  • PAN-OS 8.1.3 and later

For those who can’t update yet, Palo Alto recommended that users update to content release 8173 or later, and that they make sure that threat prevention is enabled and enforced on traffic that passes through the GlobalProtect portal and GlobalProtect Gateway interface.
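
To check an inventory against the version lists above, the following added example (not from Palo Alto Networks or the original post) classifies PAN-OS version strings by branch. The hostnames and versions in the sample inventory are constructed, and treating a hotfix build such as `8.1.2-h1` like its base release is an assumption.

```python
import re

# Last affected maintenance release per branch, from the advisory's version list.
LAST_AFFECTED = {(7, 1): 18, (8, 0): 11, (8, 1): 2}
NOT_AFFECTED_BRANCHES = {(9, 0)}

# major.minor.maintenance with an optional hotfix suffix such as "-h1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version):
    """Classify one PAN-OS version string against CVE-2019-1579."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # unparseable: review by hand
    major, minor, maint = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in LAST_AFFECTED:
        # Assumption: a hotfix build is treated like its base release,
        # so 8.1.2-h1 is still reported as affected.
        return "affected" if maint <= LAST_AFFECTED[branch] else "fixed"
    if branch in NOT_AFFECTED_BRANCHES:
        return "not-affected"
    return "unknown"  # branch not listed in the advisory


def triage(inventory):
    """Group hostnames by classification, worst first."""
    groups = {"affected": [], "unknown": [], "fixed": [], "not-affected": []}
    for host, version in sorted(inventory.items()):
        groups[classify(version)].append(host)
    return groups


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "gp-edge-01": "8.1.2",
    "gp-edge-02": "8.1.3",
    "gp-branch-01": "7.1.18",
    "gp-branch-02": "8.0.12",
    "gp-lab-01": "9.0.1",
    "gp-lab-02": "8.1.2-h1",
    "gp-old-01": "7.0.19",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` run a branch the advisory does not list or have an unparseable version string, so they need a manual check rather than being assumed safe.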
