Critical Palo Alto Networks Vulnerability Discovered

marina kidron Jul 25, 2019

A patch has been rapidly and discreetly released for a critical Palo Alto Networks RCE vulnerability. Although the vulnerability hasn’t been exploited in the wild yet, upgrading to the rapidly patched new PAN-OS versions as soon as possible is still highly recommended.

What does the Palo Alto Networks RCE Vulnerability Do?

The vulnerability, named CVE-2019-1579, was first made public in a UNIX-format security advisory in July. The advisory explained that it’s a remote code execution vulnerability which does not require any user interaction to be exploited. The flaw exists in its enterprise GlobalProtect SSL VPN – this is a product which runs on Palo Alto Networks’ firewall devices, meaning that a successful exploit could lead to attackers gaining control of both the internet gateway and an organization’s firewall rules.

Essentially, it’s a simple format string vulnerability with a fairly straightforward exploit. Thankfully, Palo Alto Networks acted rapidly to apply a patch – but the onus still falls on security teams to ensure that they update their systems. All supported versions of PAN-OS are affected with the exception of its latest iteration, PAN-OS 9.0.

The vulnerability was accidentally discovered by Taiwan-based security researcher Orange Tsai in July. After assuming that it was a silently-fixed one-day vulnerability, he released a PoC exploit on July 17 – the same day that Palo Alto shared the news that it had created a patch.

  • What should Skybox Customers do?

Skybox customers can rest easy. While it’s common for vulnerability scanners to miss vulnerabilities on network devices, Skybox addresses this shortcoming with Vulnerability Detector, a capability unique to the Skybox® Security Suite. Skybox customers using this feature would have seen this vulnerability and understood its severity on July 19. It’s likely that they will have probably already applied the patch.

If you’re a Skybox customer and you haven’t been making the most out of Vulnerability Detector, take the discovery of this vulnerability as a good reason why you should.Familiarize yourself with the feature and ensure that you’re getting the most out of your deployment.

If you’re not a Skybox customer — check whether you’re impacted by this vulnerability and, if you are, update to PAN-OS 9.0 today.

Read more

Exim Vulnerability Exploited In the Wild a Week After Discovery – Another vulnerability which can be remotely exploited only, in this case, it was exploited with 3.5 million servers left vulnerable

BlueKeep Wormable Vulnerability Brings Back WannaCry Memories – Keep your eyes trained on news about this vulnerability. If exploited in the wild, it could cause significant damage akin to WannaCry

Marina Kidron is Skybox Security's director of threat intelligence and leader of the Skybox Research Lab, a dedicated team of analysts who daily scour dozens of security feeds and sources and investigate sites in the dark web. Kidron has more than 10 years of experience in business and statistical data analysis, data modeling and algorithms development for information technology, mobile and internet companies and financial services companies. She earned a Master's degree in Political Marketing, and a Bachelor degree in Computer Science and Mathematics.

Recent Posts

Skybox 2021 Vulnerability and Threat Trends Report reveals emerging security challenges and growing need for exposure analysis
Read More
Biden Cybersecurity Executive Order
Read More
CISA Alert – Top routinely exploited vulnerabilities
Read More
3 trends shaping security posture management for 2021
Read More
Skybox Q&A: CRO Rob Rosiello identifies today’s and tomorrow’s top cybersecurity issues as the world reopens
Read More
Post-pandemic cyber threats
Read More