• Creation
  • Validation
  • Communication & fix
  • Disclosure

Exmar.be / Palo Alto (Global-network) instance is outdated

Deleted user reported 2021-11-14

The following Palo Alto (Global-network) is publicly accessible and looks out-dated : https://128.0.156.10/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

Reference:

IP:
128.0.156.10
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 8/2020
Version: 8.1.16
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14
IP:
128.0.156.10
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 8/2020
Version: 8.1.16
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2022-01-05
IP:
128.0.156.10
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 8/2020
Version: 8.1.16
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2022-01-06
Report created by deleted-user  2021-11-14
Report approved by BloodyShell  2021-11-15
New PDF report generated by system 2021-11-15
Report dispatched to ...@... by system 2021-11-15
Report dispatched to ...@... by system 2021-11-15
Report dispatched to ...@... by system 2021-11-15
system commented 2022-02-08: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2022-02-08
Report comment dispatched to zythop by system 2022-02-08
Report comment dispatched to info@exmar.be by system 2022-02-08
Report comment dispatched to technical@dvo.fr by system 2022-02-08
Report comment dispatched to vulnerabilitydisclosure@ccb.belgium.be by system 2022-02-08
Report marked as fixed by deleted-user  2022-02-08
Report closed by deleted-user  2022-02-08
New PDF report generated by system 2022-02-08
Report edited by deleted-user  2022-02-08
New PDF report generated by system 2022-02-08
Information
Owner Exmar.be
Created 2021-11-14 20:59
Updated 2022-02-08 16:27
Fixed true

Contacts
i...@exmar.be
t...@dvo.fr
v...@ccb.belgium.be

Status
Status closed
Hosting contacted false
CERT contacted false

Download report