A patch has been rapidly and discreetly released for a critical Palo Alto Networks RCE vulnerability. Although the vulnerability hasn’t been exploited in the wild yet, upgrading to the newly patched PAN-OS versions as soon as possible is still highly recommended.
What does the Palo Alto Networks RCE Vulnerability Do?
The vulnerability, named CVE-2019-1579, was first made public in a UNIX-format security advisory in July. The advisory explained that it’s a remote code execution vulnerability which does not require any user interaction to be exploited. The flaw exists in Palo Alto Networks’ enterprise GlobalProtect SSL VPN, a product which runs on the company’s firewall devices, meaning that a successful exploit could lead to attackers gaining control of both the internet gateway and an organization’s firewall rules.
Essentially, it’s a simple format string vulnerability with a fairly straightforward exploit. Thankfully, Palo Alto Networks acted rapidly to apply a patch – but the onus still falls on security teams to ensure that they update their systems. All supported versions of PAN-OS are affected with the exception of its latest iteration, PAN-OS 9.0.
The vulnerability was accidentally discovered by Taiwan-based security researcher Orange Tsai in July. After assuming that it was a silently-fixed one-day vulnerability, he released a PoC exploit on July 17 – the same day that Palo Alto shared the news that it had created a patch.
What should Skybox Customers do?
Skybox customers can rest easy. While it’s common for vulnerability scanners to miss vulnerabilities on network devices, Skybox addresses this shortcoming with Vulnerability Detector, a capability unique to the Skybox® Security Suite. Skybox customers using this feature would have seen this vulnerability and understood its severity on July 19. It’s likely that they will have already applied the patch.
If you’re a Skybox customer and you haven’t been making the most out of Vulnerability Detector, take the discovery of this vulnerability as a good reason why you should. Familiarize yourself with the feature and ensure that you’re getting the most out of your deployment.
If you’re not a Skybox customer, check whether you’re impacted by this vulnerability and, if you are, update to PAN-OS 9.0 today.
Exim Vulnerability Exploited In the Wild a Week After Discovery – Another vulnerability which can be remotely exploited; only, in this case, it was exploited, with 3.5 million servers left vulnerable
BlueKeep Wormable Vulnerability Brings Back WannaCry Memories – Keep your eyes trained on news about this vulnerability. If exploited in the wild, it could cause significant damage akin to WannaCry