CVE-2019-1572
Published 2019-03-26
CVE-2019-1572: PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.
Priority P349 · high · 7.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.47% (82.5th percentile)
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
CVSS provenance
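| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |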
GHSA
GHSA-29mr-2jgg-289p: PAN-OS 9
ghsa_unreviewed·2022-05-13
CVE-2019-1572 [HIGH] GHSA-29mr-2jgg-289p: PAN-OS 9
PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.
Palo Alto
Authentication Bypass in PAN-OS Management Web Interface
vendor_paloalto·2019-03-28·CVSS 7.5
CVE-2019-1572 [HIGH] CWE-287 Authentication Bypass in PAN-OS Management Web Interface
An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. (Ref # PAN-113675, CVE-2019-1572)
Successful exploitation of this issue may allow an unauthenticated remote user to access php files.
This issue affects only PAN-OS 9.0.0.
Affected products: PAN-OS
Solution: PAN-OS 9.0.1 and later
Workaround: This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network s
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-03-26