Engie.com / Palo Alto (Global-network) instance is outdated

Deleted user reported 2021-11-14

The following Palo Alto (Global-network) is publicly accessible and looks outdated:

https://195.68.98.55/global-protect/login.esp

https://195.68.94.203/global-protect/login.esp

https://90.83.57.148/global-protect/login.esp

https://90.83.57.149/global-protect/login.esp

https://90.83.57.147/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

The CVE-2021-3064 prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis

Reference:

https://security.paloaltonetworks.com/CVE-2021-3064

IP: 195.68.98.55
Port: 443
Detected protocol: https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15-h3
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14

IP: 195.68.98.55
Port: 443
Detected protocol: https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15-h3
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-18

IP: 195.68.98.55
Port: 443
Detected protocol: https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15-h3
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-22

Report created by deleted-user  2021-11-14
Report edited by deleted-user  2021-11-14
Report edited by deleted-user  2021-11-14
Report approved by BloodyShell  2021-11-14
New PDF report generated by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
system commented 2021-11-14: approved shows in report

Email from: cert-fr.cossi@ssi.gouv.fr

Hello,

We thank you for this information.

Kind regards,

--
ANSSI/SDO/CERT-FR
Agence nationale de la sécurité des systèmes d'information
Sous-Direction Opération
51, boulevard de La Tour-Maubourg - 75700 PARIS 07 SP
Tel : +33 (0)1 71 75 84 68
Email: cert-fr.cossi@ssi.gouv.fr - Web: http://www.cert.ssi.gouv.fr

On 14/11/2021 at 16:51, 0bdabd14-097e-4e3c-9a00-c7a9bbf27d43+<redacted>@reports.leakix.net wrote:

Dear Engie.com,

Security researcher zythop has identified a security issue in your infrastructure through our prevention platform.
The issue has been confirmed by our team and its priority is critical.

Please use this email address ( 0bdabd14-097e-4e3c-9a00-c7a9bbf27d43+<redacted>@reports.leakix.net ) for further communications with the involved parties.

This report has been dispatched to [cert-fr.cossi@ssi.gouv.fr nomdedomaine@engie.com cert@engie.com]

Report ID       0bdabd14-097e-4e3c-9a00-c7a9bbf27d43<https://leakix.net/reports/0bdabd14-097e-4e3c-9a00-c7a9bbf27d43?key=EVX54MlwqzQkzv8hAdbNfMqE>
Owner   Engie.com
Title   Palo Alto (Global-network) instance is outdated
Researcher report

The following Palo Alto (Global-network) is publicly accessible and looks outdated:

https://195.68.98.55/global-protect/login.esp

https://195.68.94.203/global-protect/login.esp

https://90.83.57.148/global-protect/login.esp

https://90.83.57.149/global-protect/login.esp

https://90.83.57.147/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

The CVE-2021-3064 prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis

Reference:

*   https://security.paloaltonetworks.com/CVE-2021-3064

Related events
Host    Port    Source  Country Priority        Infected        Leak rows       Leak size
195.68.98.55 (195.68.98.55)     443     PaloAltoPlugin  France  critical        false   0 rows  0 B
Report timeline
Report created by zythop on Sun, 14 Nov 2021 09:59:40 UTC
Report edited by zythop on Sun, 14 Nov 2021 12:20:33 UTC
Report edited by zythop on Sun, 14 Nov 2021 12:33:06 UTC
Report approved by BloodyShell on Sun, 14 Nov 2021 15:51:19 UTC
New PDF report generated by system on Sun, 14 Nov 2021 15:51:20 UTC

This is a free prevention report and not a sales attempt.
While we do encourage rewarding researchers, we do not promote any kind of ransom or extortion scheme.
Should a researcher require money from you, let us know at fraud@leakix.net, we'll take
the appropriate actions and provide you guidance in the next steps.

LeakIX prevention team
support@leakix.net
https://leakix.net/

Kind regards.

--
ANSSI/SDO/CERT-FR
Agence nationale de la sécurité des systèmes d'information
Sous-Direction Opération
51, boulevard de La Tour-Maubourg - 75700 PARIS 07 SP
Tel : +33 (0)1 71 75 84 68
Email: cert-fr.cossi@ssi.gouv.fr - Web: http://www.cert.ssi.gouv.fr


Report comment dispatched to BloodyShell by system 2021-11-14
Report comment dispatched to iampritam by system 2021-11-14
Report comment dispatched to fokoil by system 2021-11-14
Report comment 53d0d8 approved by BloodyShell  2021-11-14
New PDF report generated by system 2021-11-14
Report comment dispatched to zythop by system 2021-11-14
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2021-11-14
Report comment dispatched to nomdedomaine@engie.com by system 2021-11-14
Report comment dispatched to cert@engie.com by system 2021-11-14
system commented 2021-11-24: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-24
Report comment dispatched to zythop by system 2021-11-24
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2021-11-24
Report comment dispatched to nomdedomaine@engie.com by system 2021-11-24
Report comment dispatched to cert@engie.com by system 2021-11-24
Report edited by BloodyShell  2021-11-24
New PDF report generated by system 2021-11-24
Report marked as fixed by BloodyShell  2021-11-24
Report closed by BloodyShell  2021-11-24
New PDF report generated by system 2021-11-24
Information
Owner Engie.com
Created 2021-11-14 09:59
Updated 2021-11-24 17:11
Fixed true

Contacts
c...@ssi.gouv.fr
n...@engie.com
c...@engie.com

Status
Status closed
Hosting contacted false
CERT contacted false
