Palo Alto Networks has patched a remote code execution (RCE) vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products. These same products run on the Palo Alto Networks’ firewalls.
What’s especially dangerous about this issue is it affects SSL VPN, which is designed to protect corporate systems and networks from internet threats. GlobalProtect is Palo Alto Networks’ VPN product and is built right into their firewall products.
Palo Alto Networks fixed the RCE vulnerability CVE-2019-1579 in a recent maintenance release on July 18.
The company warned that an unauthenticated attacker could exploit this vulnerability to execute arbitrary code.
Security researchers from Orange Tsai discovered the issue while performing Red Team exercises.
However, after trying to exploit the same flaw on a more updated version of GlobalProtect, the researchers failed to reproduce the issue. That is when the company found Palo Alto Networks silently fixed the vulnerability as part of a recent PAN-OS update.
The researchers also described the bug and exploit code in more detail. The company also added a case study of a large company, Uber, vulnerable to the flaw.
Products affected include: PAN-OS 7.1.18 (and earlier), PAN-OS 8.0.11 (and earlier) and PAN-OS 8.1.2 (and earlier releases). However, PAN-OS 9.0 is not affected by the flaw.
Mitigations
Organizations should apply the necessary updates, to include: PAN-OS 7.1.19 and later, PAN-OS 8.0.12 and later, and PAN-OS 8.1.3 and later releases.