Severity
High
Analysis Summary
An OS command injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. To exploit this issue, an attacker would need some specific information about the configuration of an impacted firewall, or would need to perform brute-force attacks. This issue cannot be exploited if the GlobalProtect portal feature is not enabled.
Impact
Execute arbitrary code
Affected Vendors
Palo Alto
Affected Products
- PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
- PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
- PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
- All versions of PAN-OS 8.0 and PAN-OS 7.1
Remediation
Refer to the Palo Alto advisory for the complete list of affected products and respective patches.
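
A triage check for the affected-version list above, as an added example that is not part of the original advisory or of Palo Alto's tooling: it classifies firewalls in an inventory by PAN-OS version and GlobalProtect portal state. The inventory rows, host names, status labels and the handling of a `-hN` hotfix suffix are assumptions.

```python
import re

# First fixed release per branch, taken from the "Affected Products" list above.
FIRST_FIXED = {(9, 1): 3, (9, 0): 9, (8, 1): 15}
# Branches the advisory lists as affected in every version.
ALL_AFFECTED = {(8, 0), (7, 1)}

# Assumption: versions look like "9.0.8" or "9.0.8-h2"; a hotfix suffix is
# ignored, so a hotfix build counts as its base release.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9]+)?$")


def classify(version, portal_enabled):
    """Return 'affected', 'not-exposed', 'fixed' or 'check-vendor-advisory'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "check-vendor-advisory"  # unparseable string: do not guess
    major, minor, patch = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in ALL_AFFECTED:
        vulnerable = True
    elif branch in FIRST_FIXED:
        vulnerable = patch < FIRST_FIXED[branch]
    else:
        return "check-vendor-advisory"  # branch not listed on this page
    if not vulnerable:
        return "fixed"
    # Vulnerable build; exploitation requires the GlobalProtect portal enabled.
    return "affected" if portal_enabled else "not-exposed"


def triage(inventory):
    """Map each (name, version, portal_enabled) row to its classification."""
    return {name: classify(ver, portal) for name, ver, portal in inventory}


# Constructed sample inventory (hypothetical host names).
INVENTORY = [
    ("fw-edge-01", "9.0.8", True),
    ("fw-edge-02", "9.1.3", True),
    ("fw-lab-01", "8.1.14-h2", False),
    ("fw-old-01", "8.0.20", True),
    ("fw-new-01", "10.0.0", True),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-exposed` still run a vulnerable build and become exploitable if the portal is later enabled, so they belong in the patch queue as well.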