cnvd - cnvd-2020-03057

CNVD-2020-03057

Vulnerability from cnvd - Published: 2020-01-21

Title

Palo Alto Networks PA-7080和PA-7050 PAN-OS存在未明漏洞

Description

Palo Alto Networks PA-7080和PA-7050都是美国Palo Alto Networks（Palo Alto Networks）公司的产品。Palo Alto Networks PA-7080是一款PA-7080系列防火墙产品。PA-7050是一款PA-7050系列防火墙产品。PAN-OS是一套为其防火墙设备开发的操作系统。 Palo Alto Networks PA-7080和PA-7050存在安全漏洞，该漏洞程序没有正确限制对Log Forwarding Card (LFC)通信的限制。攻击者可利用该漏洞获取PAN-OS的root权限。

Severity

高

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.paloaltonetworks.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-17440

Impacted products

Name
['Palo Alto Networks PA-7080 PAN-OS 9.0，<9.0.5-h3', 'Palo Alto Networks PA-7050 PAN-OS 9.0，<9.0.5-h3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-17440"
    }
  },
  "description": "Palo Alto Networks PA-7080\u548cPA-7050\u90fd\u662f\u7f8e\u56fdPalo Alto Networks\uff08Palo Alto Networks\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Palo Alto Networks PA-7080\u662f\u4e00\u6b3ePA-7080\u7cfb\u5217\u9632\u706b\u5899\u4ea7\u54c1\u3002PA-7050\u662f\u4e00\u6b3ePA-7050\u7cfb\u5217\u9632\u706b\u5899\u4ea7\u54c1\u3002PAN-OS\u662f\u4e00\u5957\u4e3a\u5176\u9632\u706b\u5899\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nPalo Alto Networks PA-7080\u548cPA-7050\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u7a0b\u5e8f\u6ca1\u6709\u6b63\u786e\u9650\u5236\u5bf9Log Forwarding Card (LFC)\u901a\u4fe1\u7684\u9650\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6PAN-OS\u7684root\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.paloaltonetworks.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03057",
  "openTime": "2020-01-21",
  "products": {
    "product": [
      "Palo Alto Networks PA-7080 PAN-OS 9.0\uff0c\u003c9.0.5-h3",
      "Palo Alto Networks PA-7050 PAN-OS 9.0\uff0c\u003c9.0.5-h3"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-17440",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-23",
  "title": "Palo Alto Networks PA-7080\u548cPA-7050 PAN-OS\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-17440 (GCVE-0-2019-17440)

Vulnerability from cvelistv5 – Published: 2019-12-20 15:22 – Updated: 2024-09-17 01:56

Summary

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2019-17440

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Palo Alto Networks

PAN-OS

Affected: 9.0 , < 9.0.5-h3 (custom)

Palo Alto Networks

PAN-OS

Unaffected: 8.0
Unaffected: 8.1

Credits

Palo Alto Networks would like to thank Ayad (Ed) Sleiman, Head of Information Security at King Abdullah University of Science and Technology (KAUST) and his team for discovering and responsibly reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2019-17440"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "PA-7000 Series with 2nd Generation SMC"
          ],
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "9.0.6, 9.0.5-h3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.0.5-h3",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.0"
            },
            {
              "status": "unaffected",
              "version": "8.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks would like to thank Ayad (Ed) Sleiman, Head of Information Security at King Abdullah University of Science and Technology (KAUST) and his team for discovering and responsibly reporting this issue."
        }
      ],
      "datePublic": "2019-12-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-923",
              "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-17T16:03:48",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2019-17440"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in 9.0.5-h3 and all subsequent releases. Content update 8218-5815 also fixes the issue."
        }
      ],
      "source": {
        "advisory": "PAN-SA-2019-0040",
        "defect": [
          "PAN-134242"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access",
      "workarounds": [
        {
          "lang": "en",
          "value": "(1) Content update 8218-5815 can be applied without requiring a software update. Once the content update is installed please ensure that next PAN-OS upgrade is to a fixed version (9.0.5-h3 or later). Do not upgrade or downgrade to an affected release, as it can reintroduce the vulnerability.\n(2) Configure security policies to prevent network sessions destined to LFC.\n(3) Ensure that LFC is only connected to a secured administrative network with access restricted to trusted users.\n(4) Disable or disconnect LFC from the network until fixes can be applied."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2019-12-19T19:35:00.000Z",
          "ID": "CVE-2019-17440",
          "STATE": "PUBLIC",
          "TITLE": "PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PAN-OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "PA-7000 Series with 2nd Generation SMC",
                            "version_affected": "\u003c",
                            "version_name": "9.0",
                            "version_value": "9.0.5-h3"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.0",
                            "version_value": "8.0"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.1",
                            "version_value": "8.1"
                          },
                          {
                            "platform": "PA-7000 Series with 2nd Generation SMC",
                            "version_affected": "!\u003e=",
                            "version_name": "9.0",
                            "version_value": "9.0.6, 9.0.5-h3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks would like to thank Ayad (Ed) Sleiman, Head of Information Security at King Abdullah University of Science and Technology (KAUST) and his team for discovering and responsibly reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2019-17440",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2019-17440"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in 9.0.5-h3 and all subsequent releases. Content update 8218-5815 also fixes the issue."
          }
        ],
        "source": {
          "advisory": "PAN-SA-2019-0040",
          "defect": [
            "PAN-134242"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "(1) Content update 8218-5815 can be applied without requiring a software update. Once the content update is installed please ensure that next PAN-OS upgrade is to a fixed version (9.0.5-h3 or later). Do not upgrade or downgrade to an affected release, as it can reintroduce the vulnerability.\n(2) Configure security policies to prevent network sessions destined to LFC.\n(3) Ensure that LFC is only connected to a secured administrative network with access restricted to trusted users.\n(4) Disable or disconnect LFC from the network until fixes can be applied."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2019-17440",
    "datePublished": "2019-12-20T15:22:18.040020Z",
    "dateReserved": "2019-10-10T00:00:00",
    "dateUpdated": "2024-09-17T01:56:43.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-03057

CVE-2019-17440 (GCVE-0-2019-17440)

Tags

Sightings

Nomenclature