Main Vulnerability Database SB2019071629

SB2019071629 - Information disclosure in Palo Alto PAN-OS

Published: July 16, 2019 Updated: August 8, 2020

Security Bulletin ID SB2019071629

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2019-1575)

The vulnerability allows a remote authenticated user to execute arbitrary code.

Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.

Remediation

Install update from vendor's website.

References

http://www.securityfocus.com/bid/109176
https://security.paloaltonetworks.com/CVE-2019-1575