Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways
Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ firewall devices. Administrators who have still not upgraded to the fixed PAN-OS versions are urged to do so quickly, as researchers have released PoC attack code that could soon be modified by motivated attackers.

About the vulnerability (CVE-2019-1579)

CVE-2019-1579 affects the GlobalProtect portal and GlobalProtect Gateway interface. “The bug is very …

The post Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZhihM-3u_Ig/
Related news
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New Ivanti RCE flaw may impact 16,000 exposed VPN gateways (source)
- Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways (source)
- Palo Alto Networks zero-day exploited since March to backdoor firewalls (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Palo Alto Networks fixes zero-day exploited to backdoor firewalls (source)
- Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation (source)
- 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-19 | CVE-2019-1579 | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os. Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | 6.8 |