- Creation
- Validation
- Communication & fix
- Disclosure
credit-agricole.com / Palo Alto (Global-network) instance is outdated
Deleted user
reported 2022-01-13
The following Palo Alto (Global-network) is publicly accessible and looks out-dated : https://34.247.247.37/global-protect/login.esp
It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.
Reference:
IP:
34.247.247.37Port:
443Detected protocol:
httpsVulnerable URL:
https://34.247.247.37/global-protect/portal/images/favicon.icoFound PAN-OS web frontend
Last update: 4/2020
Version: 7.1.26
Affected by CVE-2020-2034
Found by PaloAltoPlugin 2022-01-08
Report created by
deleted-user
2022-01-13
deleted-user
2022-01-13
Report approved by
deleted-user
2022-01-13
deleted-user
2022-01-13
New PDF report generated by system 2022-01-13
Report dispatched to ...@... by system 2022-01-13
Report dispatched to ...@... by system 2022-01-13
Report comment dispatched to BloodyShell by system 2022-01-13
Report comment dispatched to iampritam by system 2022-01-13
Report comment dispatched to zythop by system 2022-01-13
Report comment dispatched to fokoil by system 2022-01-13
Report comment dispatched to thLambda by system 2022-01-13
system
commented 2022-02-08:
approved
shows in report
bip! I'm a LeakIX probe. This issue looks like it has been resolved!
New PDF report generated by system 2022-02-08
Report comment dispatched to zythop by system 2022-02-08
Report comment dispatched to cert@credit-agricole.com by system 2022-02-08
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2022-02-08
Report marked as fixed by
deleted-user
2022-02-08
deleted-user
2022-02-08
Report closed by
deleted-user
2022-02-08
deleted-user
2022-02-08
New PDF report generated by system 2022-02-08
Information
Owner
credit-agricole.com
Created
2022-01-13 12:52
Updated
2022-02-08 16:08
Fixed
true
Contacts
c...@credit-agricole.com
c...@ssi.gouv.fr
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report