CVE-2019-17437

Summary

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OSunspecified <= 7.0unknown
Palo Alto NetworksPAN-OS7.1 < 7.1.25affected
Palo Alto NetworksPAN-OS8.0 < 8.0.20affected
Palo Alto NetworksPAN-OS8.1 < 8.1.11affected
Palo Alto NetworksPAN-OS9.0 < 9.0.5affected

Weaknesses

  • CWE-280: CWE-280 Improper Handling of Insufficient Permissions or Privileges

Workarounds

Remove any untrusted custom-role users from the device or disable their access until fixes can be applied. Restrict access to the device to only trusted users.

ADP Enrichment

CVE Program Container

Additional References

References