CVE-2019-1581
published 2019-08-23CVE-2019-1581: A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.24%
86.7th percentile
A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 7.1 < 7.1.24-h1, 7.1.25 | 7.1.24-h1, 7.1.25 |
| palo_alto_networks | pan-os | >= 8.0 < 8.0.19-h1, 8.0.20 | 8.0.19-h1, 8.0.20 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.9-h4, 8.1.10 | 8.1.9-h4, 8.1.10 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.3-h3, 9.0.4 | 9.0.3-h3, 9.0.4 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 7.1.24 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.19 | — |
| paloaltonetworks | pan-os | 8.1.0 – 8.1.9 | — |
| paloaltonetworks | pan-os | 9.0.0 – 9.0.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target interface is the PAN-OS SSH device management interface; monitor for unauthenticated or anomalous SSH connections to the management interface, especially from unexpected source IPs ↗
- →Exploitation involves sending a crafted/malicious message to the SSH device management interface; inspect SSH management traffic for malformed or unexpected message structures ↗
- →Restrict and monitor network access to the PAN-OS SSH management interface; exploitation requires direct network access to this interface ↗
- ·Affected PAN-OS versions: 7.1.24 and earlier, 8.0.19 and earlier, 8.1.9 and earlier, 9.0.3 and earlier; patched versions are 7.1.24-h1, 8.0.19-h1, 8.1.9-h4, 9.0.3-h3 and later ↗
- ·Exploitation requires network-level access to the SSH management interface; restricting management interface exposure is a strong mitigation ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xm25-5jmx-4mjc: Mitigation bypass in PAN-OS 7
ghsa_unreviewed·2022-05-24
CVE-2019-1581 [CRITICAL] GHSA-xm25-5jmx-4mjc: Mitigation bypass in PAN-OS 7
Mitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to execute arbitrary code by crafting a malicious message.
Palo Alto
Remote code execution in PAN-OS SSH management interface
vendor_paloalto·2019-08-21·CVSS 9.8
CVE-2019-1581 [CRITICAL] CWE-20 Remote code execution in PAN-OS SSH management interface
Remote code execution in PAN-OS SSH management interface
Palo Alto Networks is aware of a remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. (Ref: # PAN-123564/ CVE-2019-1581).
Successful exploitation will allow a remote, unauthenticated user to execute arbitrary code by crafting and sending a malicious message to the SSH device management interface.
This issue affects PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.
Work
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-08-23
Published