critical vulnerability has been discovered in Palo Alto GlobalProtect SSL VPN
software, the bug, somewhat unusual and is apparently said to be utilized by
big enterprise companies over the globe, including the ‘ride-hailing platform’
make secure channels and Virtual Private Network (VPN) tunnels for remote
workers – however was discreetly existing in more established adaptations i.e.
the older adaptations, the bug has been fixed with the release of recent
depict the bug as format string vulnerability in the PAN SSL Gateway, which
handles clients/server SSL handshakes.
issue lies in how the gateway handles specific value parameters without
legitimate sanitization, and an attacker sending a ‘crafted request’ to a
vulnerable SSL VPN target is sufficient to trigger an exploit easily.
Palo Alto’s security advisory, ‘the remote code execution flaw, tracked as
CVE-2019-1579, is present in GlobalProtect portal and GlobalProtect Gateway
vulnerability in old renditions of the product was first discovered and
revealed by Devcore researchers Orange Tsai and Meh Chang in a blog entry just
a week ago, a further examination found that there was no assigned CVE.
“silent fix” RCE was not replicable on the most recent rendition of
GlobalProtect, regardless of the success with the older variations.
investigation and exploring a bit the researchers revealed just about 22
Uber-owned servers utilizing a vulnerable version of GlobalProtect.
Uber tackled the issue as soon as it was made aware of it and further clarified
that, “Palo Alto SSL VPN was not the primary VPN in use by the majority of
staff members, and the software was hosted in AWS rather than embedded within
core infrastructure and so the potential impacted was deemed ‘low’…”
partial proof-of-concept (PoC) has likewise been released after the discoveries
provoked Palo Alto to publish a warning and the vulnerability’s CVE was then
even after Uber’s potential exposure may have been low as the older software
was facilitated in AWS, yet that does not mean other enterprises and companies
may not be vulnerable. It is therefore, prescribed that users update to a much
recent version as fast as they could given the circumstances.