Palo Alto PAN-OS up to 7.1.24/8.0.19/8.1.10/9.0.4 insufficient permissions or privileges

Summaryinfo

A vulnerability classified as critical has been found in Palo Alto PAN-OS up to 7.1.24/8.0.19/8.1.10/9.0.4. Affected by this issue is some unknown functionality. This manipulation causes insufficient permissions or privileges. The identification of this vulnerability is CVE-2019-17437. The attack can only be executed locally. There is no exploit available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical was found in Palo Alto PAN-OS up to 7.1.24/8.0.19/8.1.10/9.0.4 (Firewall Software). Affected by this vulnerability is some unknown processing. The manipulation with an unknown input leads to a insufficient permissions or privileges vulnerability. The CWE definition for the vulnerability is CWE-280. The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

The weakness was shared 12/05/2019 (Website). It is possible to read the advisory at securityadvisories.paloaltonetworks.com. This vulnerability is known as CVE-2019-17437 since 10/10/2019. Attacking locally is a requirement. Required for exploitation is a single authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1222 according to MITRE ATT&CK.

Upgrading to version 7.1.25, 8.0.20, 8.1.11 or 9.0.5 eliminates this vulnerability.

The entry VDB-140750 is related to this item. Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Palo Alto

Name

• PAN-OS

Version

• 7.1.0
• 7.1.1
• 7.1.2
• 7.1.3
• 7.1.4
• 7.1.5
• 7.1.6
• 7.1.7
• 7.1.8
• 7.1.9
• 7.1.10
• 7.1.11
• 7.1.12
• 7.1.13
• 7.1.14
• 7.1.15
• 7.1.16
• 7.1.17
• 7.1.18
• 7.1.19
• 7.1.20
• 7.1.21
• 7.1.22
• 7.1.23
• 7.1.24
• 8.0.0
• 8.0.1
• 8.0.2
• 8.0.3
• 8.0.4
• 8.0.5
• 8.0.6
• 8.0.7
• 8.0.8
• 8.0.9
• 8.0.10
• 8.0.11
• 8.0.12
• 8.0.13
• 8.0.14
• 8.0.15
• 8.0.16
• 8.0.17
• 8.0.18
• 8.0.19
• 8.1.0
• 8.1.1
• 8.1.2
• 8.1.3
• 8.1.4
• 8.1.5
• 8.1.6
• 8.1.7
• 8.1.8
• 8.1.9
• 8.1.10
• 9.0.0
• 9.0.1
• 9.0.2
• 9.0.3
• 9.0.4

License

• commercial

Website

• Vendor: https://www.paloaltonetworks.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion