SECURITY ADVISORY: Palo ALTO GLOBAL PROTECT REMOTE CODE EXECUTION VULNERABILITY CVE-2019-157919/7/2019 Description:
Palo Alto Networks is aware of the reported remote code execution (RCE) vulnerability (PAN-SA-2019-0020) in its GlobalProtect portal and GlobalProtect Gateway interface products. The issue is already addressed in prior maintenance releases. (Ref: CVE-2019-1579) Risk Rating: Critical Successful exploitation of this issue allows an unauthenticated attacker to execute arbitrary code. Products Affected: PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier, and PAN-OS 8.1.2 and earlier releases. PAN-OS 9.0 is not affected. Solution: Updates are available from Palo Alto to address this issue. PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later, and PAN-OS 8.1.3 and later releases. Workarounds and Mitigations: If you have not already upgraded to the available updates listed above and cannot do so now, we recommend that you update to content release 8173, or a later version, and confirm threat prevention is enabled and enforced on traffic that passes through the GlobalProtect portal and GlobalProtect Gateway interface. You are not affected if you do not have GlobalProtect enabled.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |