CVE-2019-1579 is a pre-authentication remote code execution vulnerability in Palo Alto Networks (PAN) GlobalProtect VPN.
An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a vulnerable VPN server in order to remotely execute code on the system.
While there is a public proof-of-concept exploit available, the Masergy Threat Intelligence Team is not aware of exploitation occurring in the wild.
We recommend the following actions be taken:
- After appropriate testing, immediately ensure all devices run PAN-OS 7.1.19 or later, PAN-OS 8.0.12 or later, or PAN-OS 8.1.3 or later.
- Confirm threat prevention is enabled and enforced on traffic that passes through the GlobalProtect portal and GlobalProtect Gateway.
- Disable GlobalProtect if you are not using the service.
Palo Alto has made patches available for download.
Palo Alto Security Advisory:
- Pre-authentication remote code execution vulnerability in Palo Alto Networks GlobalProtect VPN
Affected versions:
- PAN-OS 7.1.18 and earlier
- PAN-OS 8.0.11 and earlier
- PAN-OS 8.1.2 and earlier releases
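
One way to check a firewall inventory against the fixed and affected releases listed above. This is an added example, not code from Masergy or Palo Alto Networks. The version string format, the hostnames, the sample versions and the conservative handling of hotfix suffixes are assumptions.

```python
import re

# Minimum fixed maintenance release per affected train, from the advisory text.
FIXED = {(7, 1): 19, (8, 0): 12, (8, 1): 3}

# Assumed version format: "8.1.2" or "8.1.2-h4" (hotfix suffix).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def classify(version):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparseable'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"  # needs manual review, never assume it is fixed
    major, minor, maint = int(m.group(1)), int(m.group(2)), int(m.group(3))
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # The advisory names only the 7.1, 8.0 and 8.1 trains.
        return "not-listed"
    # Assumption: a hotfix on an affected maintenance release stays affected,
    # because the advisory states thresholds only as maintenance releases.
    return "fixed" if maint >= fixed_maint else "vulnerable"

def triage(inventory):
    """Return (host, version, status) rows for {host: version}, worst first."""
    order = {"vulnerable": 0, "unparseable": 1, "not-listed": 2, "fixed": 3}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-edge-01": "8.1.2",
    "fw-edge-02": "8.1.3",
    "fw-dc-01": "7.1.18",
    "fw-dc-02": "8.0.11-h2",
    "fw-lab-01": "9.0.1",
    "fw-lab-02": "n/a",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host:12} {ver:10} {status}")
```

Rows marked `unparseable` or `not-listed` are not covered by the version lists above and should be checked by hand.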