• Creation
  • Validation
  • Communication & fix
  • Disclosure

tiffany.cn / Palo Alto (Global-network) instance is outdated

Deleted user reported 2021-11-19

The following Palo Alto (Global-network) is publicly accessible and looks out-dated : https://azure-vpn.tiffany.cn/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

Reference:

IP:
40.73.117.77
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 3/2019
Version: 8.1.7
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-19
IP:
40.73.117.77
Port:
443
Detected protocol:
https
Found PAN-OS web frontend
Last update: 3/2019
Version: 8.1.7
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-20
Report created by deleted-user  2021-11-19
Report approved by BloodyShell  2021-11-20
New PDF report generated by system 2021-11-20
Report dispatched to ...@... by system 2021-11-20
Report dispatched to ...@... by system 2021-11-20
system commented 2021-11-22: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-22
Report comment dispatched to zythop by system 2021-11-22
Report comment dispatched to privacy@tiffany.com by system 2021-11-22
Report comment dispatched to tiffanyadmin@tiffany.com by system 2021-11-22
Report marked as fixed by BloodyShell  2021-11-22
Report closed by BloodyShell  2021-11-22
New PDF report generated by system 2021-11-22
Report edited by BloodyShell  2021-11-24
New PDF report generated by system 2021-11-24
Information
Owner tiffany.cn
Created 2021-11-19 11:54
Updated 2021-11-24 17:08
Fixed true

Contacts
p...@tiffany.com
t...@tiffany.com

Status
Status closed
Hosting contacted false
CERT contacted false

Download report