Critical Pre-Authentication Vulnerability

Overview

CVE-2019-1579 is a pre-authentication remote code execution vulnerability in Palo Alto Networks (PAN) GlobalProtect VPN.

An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a vulnerable VPN server in order to remotely execute code on the system.

Threat Intelligence

While there is a public proof-of-concept exploit available, the Masergy Threat Intelligence Team is not aware of exploitation occurring in the wild.

Recommendations

We recommend the following actions be taken:

  • After appropriate testing, immediately upgrade so that all PAN-OS versions are PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later, or PAN-OS 8.1.3 and later releases.
  • Confirm threat prevention is enabled and enforced on traffic that passes through the GlobalProtect portal and GlobalProtect Gateway.
  • Disable GlobalProtect if you are not using the service.

Patches

Palo Alto has made patches available for download.

References

Vulnerabilities

CVE-2019-1579
  • Pre-authentication remote code execution vulnerability in Palo Alto Networks GlobalProtect VPN

Products Affected

  • PAN-OS 7.1.18 and earlier
  • PAN-OS 8.0.11 and earlier
  • PAN-OS 8.1.2 and earlier releases
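
To check a firewall inventory against the affected and fixed releases listed above, the following added example (not from Masergy or Palo Alto Networks) classifies PAN-OS version strings per branch. The host names and inventory are constructed, and treating a hotfix build such as 8.1.2-h1 as its base maintenance release is an assumption made to err on the side of flagging.

```python
import re

# First fixed maintenance release per branch, as listed in this advisory:
# 7.1.19, 8.0.12 and 8.1.3 (anything lower in the same branch is affected).
FIXED = {(7, 1): 19, (8, 0): 12, (8, 1): 3}

# major.minor.maintenance with an optional hotfix suffix such as "-h2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z]\w*)?$")


def classify(version):
    """Return 'vulnerable', 'fixed', 'not_listed' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"  # needs manual review, never assume safe
    major, minor, maint = (int(g) for g in m.groups())
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # Branch is not mentioned in the advisory; consult the vendor bulletin.
        return "not_listed"
    # Assumption: a hotfix suffix does not raise the maintenance number,
    # so 8.1.2-h1 is still compared as 8.1.2.
    return "fixed" if maint >= fixed_maint else "vulnerable"


def triage(inventory):
    """Group (host, version) pairs by classification, preserving order."""
    result = {}
    for host, version in inventory:
        result.setdefault(classify(version), []).append(host)
    return result


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "8.1.2"),
    ("fw-edge-02", "8.1.3"),
    ("fw-branch-01", "7.1.18-h2"),
    ("fw-branch-02", "8.0.12"),
    ("fw-lab-01", "9.0.1"),
    ("fw-lab-02", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as not_listed or unparseable are not cleared by this check and still need to be verified against the vendor's advisory.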