Palo Alto Networks · Twistlock · CVE-2019-1583
**Name of the Vulnerable Software and Affected Versions**
Palo Alto Networks Twistlock versions 19.07.358 and earlier
**Description**
The issue stems from insufficient access control in Palo Alto Networks Twistlock, a suite for protecting cloud services and platforms. It allows a remote attacker to escalate privileges. Exploitation requires active interaction with an affected component for the payload to execute on the victim. A Twistlock user with Operator capabilities can escalate privileges to those of another user.
**Recommendations**
For versions 19.07.358 and earlier, consider restricting access to the Twistlock console to minimize the risk of exploitation until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.