CVE-2019-17437
Published 2019-12-05
CVE-2019-17437: An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges…
Priority: P3 · 42 · High · CVSS 3.1 base score 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% (25.3rd percentile)
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 7.1 < 7.1.25 | 7.1.25 |
| palo_alto_networks | pan-os | >= 8.0 < 8.0.20 | 8.0.20 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.11 | 8.1.11 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.5 | 9.0.5 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 7.1.0 < 7.1.25 | 7.1.25 |
| paloaltonetworks | pan-os | >= 8.0.0 < 8.0.20 | 8.0.20 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.11 | 8.1.11 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.5 | 9.0.5 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
GHSA
GHSA-73g7-p5mh-vr2v · ghsa_unreviewed · 2022-05-24 · severity MEDIUM
Palo Alto
PAN-OS: Custom-role users may escalate privileges
vendor_paloalto · 2019-12-04 · CVSS 7.8 · HIGH · CWE-280
Affected products: PAN-OS
Solution: This issue has been resolved in 7.1.25, 8.0.20, 8.1.11, 9.0.5 and all subsequent versions.
Workaround: Remove any untrusted custom-role users from the device or disable their access until fixes can be applied. Restrict access to the device to only trusted users.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-12-05