PT-2019-5494 · Palo Alto Networks+1 · Pan-Os+1
Christophe Schleypen
·
Published
2019-12-04
·
Updated
2019-12-13
·
CVE-2019-17437
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PAN-OS versions 7.1 prior to 7.1.25
PAN-OS versions 8.0 prior to 8.0.20
PAN-OS versions 8.1 prior to 8.1.11
PAN-OS versions 9.0 prior to 9.0.5
Description
The issue is related to an improper authentication check in the PAN-OS operating system, which may allow an authenticated low-privileged non-superuser custom role user to elevate privileges and become a superuser.
Recommendations
For PAN-OS versions 7.1 prior to 7.1.25, update to version 7.1.25 or later.
For PAN-OS versions 8.0 prior to 8.0.20, update to version 8.0.20 or later.
For PAN-OS versions 8.1 prior to 8.1.11, update to version 8.1.11 or later.
For PAN-OS versions 9.0 prior to 9.0.5, update to version 9.0.5 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pan-Os
Suse