CVE-2019-17437
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | unspecified <= 7.0 | unknown |
| Palo Alto Networks | PAN-OS | 7.1 < 7.1.25 | affected |
| Palo Alto Networks | PAN-OS | 8.0 < 8.0.20 | affected |
| Palo Alto Networks | PAN-OS | 8.1 < 8.1.11 | affected |
| Palo Alto Networks | PAN-OS | 9.0 < 9.0.5 | affected |
Weaknesses
- CWE-280: CWE-280 Improper Handling of Insufficient Permissions or Privileges
Workarounds
Remove any untrusted custom-role users from the device or disable their access until fixes can be applied. Restrict access to the device to only trusted users.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.