• Creation
  • Validation
  • Communication & fix
  • Disclosure

info@cartes.it / Palo Alto (Global-network) instance is outdated + EXCHANGE

zythop reported 2021-11-19

The following Palo Alto (Global-network) is publicly accessible and looks out-dated : https://vpn.cartes.it:7000/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

Reference:

IP:
94.138.172.159
Port:
7000
Detected protocol:
https
Found PAN-OS web frontend
Last update: 9/2019
Version: 9.0.4
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Found by PaloAltoPlugin 2021-11-16
IP:
94.138.172.159
Port:
7000
Detected protocol:
https
Found PAN-OS web frontend
Last update: 9/2019
Version: 9.0.4
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Found by PaloAltoPlugin 2021-11-30
IP:
94.138.172.159
Port:
7000
Detected protocol:
https
Found PAN-OS web frontend
Last update: 9/2019
Version: 9.0.4
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Found by PaloAltoPlugin 2021-12-01
Report created by zythop  2021-11-19
Report approved by BloodyShell  2021-11-19
New PDF report generated by system 2021-11-19
Report dispatched to ...@... by system 2021-11-19
system commented 2022-01-05: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2022-01-05
Report comment dispatched to zythop by system 2022-01-05
Report comment dispatched to info@cartes.it by system 2022-01-05
Report marked as fixed by BloodyShell  2022-01-05
Report closed by BloodyShell  2022-01-05
New PDF report generated by system 2022-01-05
Report edited by zythop  2022-01-06
New PDF report generated by system 2022-01-06
Information
Owner info@cartes.it
Created 2021-11-19 12:29
Updated 2022-01-06 12:20
Fixed true

Contacts
i...@cartes.it

Status
Status closed
Hosting contacted false
CERT contacted false

Download report