PT-2019-3143 · Palo Alto Networks · Twistlock

William Wirahasbianto

Published

2019-08-23

Updated

2020-08-24

CVE-2019-1583

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Twistlock versions 19.07.358 and earlier

Description The issue is related to insufficient access control in the Palo Alto Networks Twistlock complex for cloud services and platform protection. It allows a remote attacker to escalate privileges. Active interaction with an affected component is required for the payload to execute on the victim. A Twistlock user with Operator capabilities can escalate privileges to those of another user.

Recommendations For versions 19.07.358 and earlier, consider restricting access to the Twistlock console to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-79

Related Identifiers

BDU:2019-03129

CVE-2019-1583

Affected Products

Twistlock

PT-2019-3143 · Palo Alto Networks · Twistlock

CVE-2019-1583

Weakness Enumeration

Related Identifiers

Affected Products

References · 5