• Creation
  • Validation
  • Communication & fix
  • Disclosure

bostondynamics.com / Palo Alto (Global-network) instance is outdated
Deleted user reported 2021-11-14

The following Palo Alto (Global-network) is publicly accessible and looks out-dated :

https://207.180.133.150/global-protect/login.esp

https://207.180.133.151/global-protect/login.esp

https://207.180.133.157/global-protect/login.esp

https://207.180.133.142/global-protect/login.esp

https://207.180.133.143/global-protect/login.esp

https://207.180.133.144/global-protect/login.esp

https://12.185.164.195/global-protect/login.esp

https://12.185.164.194/global-protect/login.esp

It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.

The CVE-2021-3064 prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis

Reference:

IP:
207.180.133.151
Port:
443
Detected protocol:
https
Vulnerable URL:
https://207.180.133.151/global-protect/portal/images/favicon.ico 
Found PAN-OS web frontend
Last update: 6/2020
Version: 8.1.15-h3
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14
Report created by deleted-user  2021-11-14
Report edited by deleted-user  2021-11-14
Report edited by deleted-user  2021-11-14
Report edited by deleted-user  2021-11-14
Report approved by BloodyShell  2021-11-14
New PDF report generated by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
system commented 2021-11-14: approved shows in report 

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-14
Report comment dispatched to zythop by system 2021-11-14
Report comment dispatched to privacy@bostondynamics.com by system 2021-11-14
Report comment dispatched to soc@us-cert.gov by system 2021-11-14
Report comment dispatched to ibsmz0osqjon@contactprivacy.email by system 2021-11-14
BloodyShell commented 2021-11-14: approved shows in report 

Not fixed, probe is blocked by remote server

New PDF report generated by system 2021-11-14
Report comment dispatched to zythop by system 2021-11-14
Report comment dispatched to privacy@bostondynamics.com by system 2021-11-14
Report comment dispatched to soc@us-cert.gov by system 2021-11-14
Report comment dispatched to ibsmz0osqjon@contactprivacy.email by system 2021-11-14
Report comment dispatched to BloodyShell by system 2021-12-05
Report comment dispatched to iampritam by system 2021-12-05
Report comment dispatched to fokoil by system 2021-12-05
Report comment dispatched to thLambda by system 2021-12-05
Report marked as fixed by deleted-user  2022-02-19
Report closed by deleted-user  2022-02-19
New PDF report generated by system 2022-02-19
Report edited by deleted-user  2022-02-19
New PDF report generated by system 2022-02-19
Information
Owner bostondynamics.com
Created 2021-11-14 08:24
Updated 2022-02-19 15:15
Fixed true
Contacts
p...@bostondynamics.com
s...@us-cert.gov
i...@contactprivacy.email
Status
Status closed
Hosting contacted false
CERT contacted false
Download report

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice