Search...

CVE-2019-1572

2019-03-26T22:29:00

ID CVE-2019-1572
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.

JSON Vulners Source

Initial Source

{"id": "CVE-2019-1572", "bulletinFamily": "NVD", "title": "CVE-2019-1572", "description": "PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.", "published": "2019-03-26T22:29:00", "modified": "2020-08-24T17:37:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1572", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/107720", "https://security.paloaltonetworks.com/CVE-2019-1572"], "cvelist": ["CVE-2019-1572"], "type": "cve", "lastseen": "2020-10-03T13:38:45", "edition": 5, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["PALO_ALTO_PAN-SA-2019-0005.NASL"]}, {"type": "paloalto", "idList": ["PAN-SA-2019-0005"]}], "modified": "2020-10-03T13:38:45", "rev": 2}, "score": {"value": 4.3, "vector": "NONE", "modified": "2020-10-03T13:38:45", "rev": 2}, "vulnersScore": 4.3}, "cpe": ["cpe:/o:paloaltonetworks:pan-os:9.0.0"], "affectedSoftware": [{"cpeName": "paloaltonetworks:pan-os", "name": "paloaltonetworks pan-os", "operator": "eq", "version": "9.0.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"paloalto": [{"lastseen": "2020-12-24T13:20:54", "bulletinFamily": "software", "cvelist": ["CVE-2019-1572"], "description": "An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. (Ref # PAN-113675, CVE-2019-1572)\nSuccessful exploitation of this issue may allow an unauthenticated remote user to access php files.\nThis issue affects Only PAN-OS 9.0.0\n\n**Work around:**\nThis issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. We recommend that the management interface be isolated and strictly limited only to security administration personnel through either network segmentation or using the IP access control list restriction feature within PAN-OS. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.", "edition": 5, "modified": "2019-03-28T20:05:00", "published": "2019-03-28T20:05:00", "id": "PAN-SA-2019-0005", "href": "https://securityadvisories.paloaltonetworks.com/CVE-2019-1572", "title": "Authentication Bypass in PAN-OS Management Web Interface", "type": "paloalto", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T04:54:07", "description": "The version of Palo Alto Networks PAN-OS running on the remote host\nis 9.0.0 prior to 9.0.1. It is, therefore, affected by an\nauthentication bypass vulnerability that exists in the PAN-OS\nmanagement web interface. An unauthenticated, remote attacker can\nexploit this and may get access to php files. (CVE-2019-1572)", "edition": 16, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-04-12T00:00:00", "title": "Palo Alto Networks 9.0.0 < 9.0.1 Authentication Bypass vulnerability (PAN-SA-2019-0005)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1572"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:paloaltonetworks:pan-os"], "id": "PALO_ALTO_PAN-SA-2019-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/124009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124009);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/07/18 15:47:53\");\n\n script_cve_id(\"CVE-2019-1572\");\n script_bugtraq_id(107720);\n\n script_name(english:\"Palo Alto Networks 9.0.0 < 9.0.1 Authentication Bypass vulnerability (PAN-SA-2019-0005)\");\n script_summary(english:\"Checks the PAN-OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an authentication bypass vulnerability that exists in the PAN-OS management web interface\");\n script_set_attribute(attribute:\"description\",value:\n\"The version of Palo Alto Networks PAN-OS running on the remote host\nis 9.0.0 prior to 9.0.1. It is, therefore, affected by an\nauthentication bypass vulnerability that exists in the PAN-OS\nmanagement web interface. An unauthenticated, remote attacker can\nexploit this and may get access to php files. (CVE-2019-1572)\");\n #https://securityadvisories.paloaltonetworks.com/Home/Detail/145\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55c233ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Palo Alto Networks PAN-OS version 9.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1572\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:paloaltonetworks:pan-os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Palo Alto Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"palo_alto_version.nbin\");\n script_require_keys(\"Host/Palo_Alto/Firewall/Full_Version\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_name = 'Palo Alto Networks PAN-OS';\n\napp_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', webapp:true);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'min_version' : '9.0', 'fixed_version' : '9.0.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}