CVE-2019-1581

PAN-OS: Remote code execution vulnerability in the PAN-OS SSH device management interface

Description

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4.

Remediation

Solution:

This issue has been resolved in PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.

Workaround:

This issue affects the SSH management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interfaces. Our best practices guidelines reduce the exposure of device management interfaces to potential attacker.

References

Link	Tags
https://security.paloaltonetworks.com/CVE-2019-1581

Frequently Asked Questions

What is the severity of CVE-2019-1581?: CVE-2019-1581 has been scored as a critical severity vulnerability.
How to fix CVE-2019-1581?: To fix CVE-2019-1581: This issue has been resolved in PAN-OS 7.1.24-h1 and later, PAN-OS 8.0.19-h1 and later, PAN-OS 8.1.9-h4 and later, and PAN-OS 9.0.3-h3 and later.
Is CVE-2019-1581 being actively exploited in the wild?: It is possible that CVE-2019-1581 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-1581?: CVE-2019-1581 affects Palo Alto Networks PAN-OS.

Description

Remediation

Categories

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20 – Improper Input Validation

References

Frequently Asked Questions