CVE-2019-1581
published 2019-08-23


Priority: P269 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.24% (86.7th percentile)
A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4.

Affected (9 ranges)

Vendor             | Product | Version range                 | Fixed in
palo_alto_networks | pan-os  | >= 7.1 < 7.1.24-h1, 7.1.25    | 7.1.24-h1, 7.1.25
palo_alto_networks | pan-os  | >= 8.0 < 8.0.19-h1, 8.0.20    | 8.0.19-h1, 8.0.20
palo_alto_networks | pan-os  | >= 8.1 < 8.1.9-h4, 8.1.10     | 8.1.9-h4, 8.1.10
palo_alto_networks | pan-os  | >= 9.0 < 9.0.3-h3, 9.0.4      | 9.0.3-h3, 9.0.4
paloalto           | pan-os  | (not specified)               | (not specified)
paloaltonetworks   | pan-os  | <= 7.1.24                     | (not specified)
paloaltonetworks   | pan-os  | 8.0.0 – 8.0.19                | (not specified)
paloaltonetworks   | pan-os  | 8.1.0 – 8.1.9                 | (not specified)
paloaltonetworks   | pan-os  | 9.0.0 – 9.0.3                 | (not specified)

Detection & IOCs (extracted from sources)

  • Target interface is the PAN-OS SSH device management interface; monitor for unauthenticated or anomalous SSH connections to the management interface, especially from unexpected source IPs
  • Exploitation involves sending a crafted/malicious message to the SSH device management interface; inspect SSH management traffic for malformed or unexpected message structures
  • Restrict and monitor network access to the PAN-OS SSH management interface; exploitation requires direct network access to this interface
  • Affected PAN-OS versions: 7.1.24 and earlier, 8.0.19 and earlier, 8.1.9 and earlier, 9.0.3 and earlier; patched versions are 7.1.24-h1, 8.0.19-h1, 8.1.9-h4, 9.0.3-h3 and later
  • Exploitation requires network-level access to the SSH management interface; restricting management interface exposure is a strong mitigation

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd    | v2.0    | 7.5   | HIGH     | AV:N/AC:L/Au:N/C:P/I:P/A:P