• Creation
  • Validation
  • Communication & fix
  • Disclosure

magento.com / Palo Alto (Global-network) instance is outdated

Deleted user reported 2021-11-14

The following Palo Alto (Global-network) is publicly accessible and looks out-dated : https://gp.magento.com/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

The CVE-2021-3064 prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis

Reference:

IP:
52.2.247.67
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14
IP:
52.2.247.67
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-18
IP:
52.2.247.67
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-22
Report created by deleted-user  2021-11-14
Report approved by BloodyShell  2021-11-14
New PDF report generated by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
system commented 2021-11-24: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-24
Report comment dispatched to zythop by system 2021-11-24
Report comment dispatched to dns-admin@adobe.com by system 2021-11-24
Report comment dispatched to soc@us-cert.gov by system 2021-11-24
Report comment dispatched to psirt@adobe.com by system 2021-11-24
Report marked as fixed by BloodyShell  2021-11-26
Report closed by BloodyShell  2021-11-26
New PDF report generated by system 2021-11-26
Report edited by BloodyShell  2021-11-27
New PDF report generated by system 2021-11-27
Information
Owner magento.com
Created 2021-11-14 09:19
Updated 2021-11-27 15:02
Fixed true

Contacts
d...@adobe.com
s...@us-cert.gov
p...@adobe.com

Status
Status closed
Hosting contacted false
CERT contacted false

Download report