CVE-2019-1580
published 2019-08-23CVE-2019-1580: Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote…
PriorityP354critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.22%
86.6th percentile
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 7.1.24 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.19 | — |
| paloaltonetworks | pan-os | 8.1.0 – 8.1.9 | — |
| paloaltonetworks | pan-os | 9.0.0 – 9.0.3 | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
Memory Corruption in PAN-OS
vendor_paloalto·2019-08-21·CVSS 9.8
CVE-2019-1580 [CRITICAL] CWE-119 Memory Corruption in PAN-OS
Memory Corruption in PAN-OS
Palo Alto Networks is aware of a memory corruption vulnerability in PAN-OS (Ref: # PAN-123603/CVE-2019-1580).
Successful exploitation will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
This issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.
Workaround: These issues affect the management interface of PAN-OS and are strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the managemen
GHSA
GHSA-278j-379h-8hqx: Memory corruption in PAN-OS 7
ghsa_unreviewed·2022-05-24
CVE-2019-1580 [CRITICAL] GHSA-278j-379h-8hqx: Memory corruption in PAN-OS 7
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-08-23
Published