• Creation
  • Validation
  • Communication & fix
  • Disclosure

FranceTV / Palo Alto (Global-network) instance is outdated

zythop reported 2021-11-14

The following Palo Alto (Global-network) is publicly accessible and looks out-dated :

https://90.102.166.161/global-protect/login.esp

https://90.102.166.163/global-protect/login.esp

https://194.51.35.231/global-protect/login.esp

https://194.51.35.178/global-protect/login.esp

https://185.194.166.249/global-protect/login.esp

https://185.194.166.175/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

The CVE-2021-3064 prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis

Reference:

IP:
90.102.166.161
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14
IP:
90.102.166.161
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14
IP:
90.102.166.161
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 9/2020
Version: 8.1.17
Found by PaloAltoPlugin 2021-11-15
Report created by zythop  2021-11-14
Report edited by zythop  2021-11-14
Report edited by zythop  2021-11-14
Report edited by zythop  2021-11-14
Report edited by zythop  2021-11-14
Report approved by BloodyShell  2021-11-14
New PDF report generated by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report comment dispatched to BloodyShell by system 2021-11-14
Report comment dispatched to iampritam by system 2021-11-14
Report comment dispatched to fokoil by system 2021-11-14
Report comment dispatched to thLambda by system 2021-11-14
system commented 2021-11-17: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-17
Report comment dispatched to zythop by system 2021-11-17
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2021-11-17
Report comment dispatched to servicesinteractifs-dns@francetv.fr by system 2021-11-17
Report comment dispatched to BloodyShell by system 2021-12-05
Report comment dispatched to iampritam by system 2021-12-05
Report comment dispatched to fokoil by system 2021-12-05
Report comment dispatched to thLambda by system 2021-12-05
Report edited by zythop  2021-12-25
New PDF report generated by system 2021-12-25
Report dispatched to ...@... by system 2021-12-25
Report edited by zythop  2022-01-06
New PDF report generated by system 2022-01-06
Report edited by zythop  2022-01-06
New PDF report generated by system 2022-01-06
Information
Owner FranceTV
Created 2021-11-14 07:39
Updated 2022-01-06 15:15
Fixed false

Contacts
c...@ssi.gouv.fr
s...@francetv.fr
f...@francetv.fr

Status
Status closed
Hosting contacted false
CERT contacted false

Download report