- Creation
- Validation
- Communication & fix
- Disclosure
Nhs.uk / Palo Alto (Global-network) instance is outdated
Deleted user
reported 2021-11-19
The following Palo Alto (Global-network) is publicly accessible and looks out-dated :
https://185.49.75.154/global-protect/login.esp
https://185.49.74.150/global-protect/login.esp
https://185.49.74.148/global-protect/login.esp
It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.
Reference:
- https://security.paloaltonetworks.com/CVE-2021-3064
- https://security.paloaltonetworks.com/CVE-2020-2021
- https://security.paloaltonetworks.com/CVE-2020-2034
IP:
185.49.75.154Port:
443Detected protocol:
httpsVulnerable URL:
https://185.49.75.154/global-protect/portal/images/favicon.icoFound PAN-OS web frontend
Last update: 7/2019
Version: 8.1.9
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-17
IP:
185.49.75.154Port:
443Detected protocol:
httpsVulnerable URL:
https://185.49.75.154/global-protect/portal/images/favicon.icoFound PAN-OS web frontend
Last update: 7/2019
Version: 8.1.9
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2022-02-08
IP:
185.49.75.154Port:
443Detected protocol:
httpsVulnerable URL:
https://185.49.75.154/global-protect/portal/images/favicon.icoFound PAN-OS web frontend
Last update: 7/2019
Version: 8.1.9
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2022-02-10
Report created by
deleted-user
2021-11-19
deleted-user
2021-11-19
Report approved by
BloodyShell
2021-11-20
BloodyShell
2021-11-20
New PDF report generated by system 2021-11-20
Report dispatched to ...@... by system 2021-11-20
Report dispatched to ...@... by system 2021-11-20
Report marked as fixed by
deleted-user
2022-02-10
deleted-user
2022-02-10
Report closed by
deleted-user
2022-02-10
deleted-user
2022-02-10
New PDF report generated by system 2022-02-10
Report edited by
deleted-user
2022-02-10
deleted-user
2022-02-10
New PDF report generated by system 2022-02-10
Information
Owner
Nhs.uk
Created
2021-11-19 16:45
Updated
2022-02-10 13:06
Fixed
true
Contacts
c...@nhsdigital.nhs.uk
i...@ncsc.gov.uk
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report