===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0222
 Remote Code Execution in Palo Alto GlobalProtect Portal/Gateway Interface
                               19 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              GlobalProtect Portal/Gateway Interface
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-1579  
Member content until: Sunday, August 18 2019

OVERVIEW

        "Palo Alto Networks is aware of the reported remote code execution (RCE)
        vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface
        products. The issue is already addressed in prior maintenance releases. (Ref:
        CVE-2019-1579)" [1]


IMPACT

        The vendor provided the following detail on the vulnerability:
        "Successful exploitation of this issue allows an unauthenticated attacker to
        execute arbitrary code." [1]


MITIGATION

        The vendor advises updating PAN-OS to specified non-affected versions:
        "PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later, and PAN-OS 8.1.3 and later
        releases."
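
        The fixed-release thresholds quoted above can be checked against a
        device inventory. The script below is an added example, not AusCERT's
        or the vendor's code; the hostnames and versions in the sample
        inventory are constructed, and it assumes version strings of the form
        major.minor.maintenance with an optional -hN hotfix suffix.

```python
import re

# Minimum fixed maintenance release per PAN-OS release train, as quoted in
# the MITIGATION section of this bulletin.
FIXED = {(7, 1): 19, (8, 0): 12, (8, 1): 3}

# Matches e.g. "8.1.2" or "8.0.11-h1" (the hotfix suffix is optional).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def classify(version):
    """Return 'fixed', 'update-required', 'not-covered' or 'unparseable'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(m.group(i)) for i in (1, 2, 3))
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # The bulletin names only the 7.1, 8.0 and 8.1 trains; anything else
        # has to be checked against the vendor advisory [1].
        return "not-covered"
    # The bulletin gives thresholds as maintenance releases, so the hotfix
    # suffix is ignored here: 8.0.11-h1 is still below 8.0.12.
    return "fixed" if maint >= fixed_maint else "update-required"


def audit(inventory):
    """Map each (hostname, version) pair to its classification."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "8.1.2"),
    ("fw-edge-02", "8.1.3"),
    ("fw-dc-01", "8.0.11-h1"),
    ("fw-dc-02", "7.1.19"),
    ("fw-lab-01", "9.0.1"),
    ("fw-lab-02", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```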


REFERENCES

        [1] Remote Code Execution in GlobalProtect Portal/Gateway Interface
            https://securityadvisories.paloaltonetworks.com/Home/Detail/158

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================