- Creation
- Validation
- Communication & fix
- Disclosure
orangecyberdefense.com / Palo Alto (Global-network) instance is outdated
Deleted user
reported 2021-11-14
The following Palo Alto (Global-network) is publicly accessible and looks out-dated : https://212.247.83.243/global-protect/login.esp
It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device.
The CVE-2021-3064 prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis
Reference:
- https://security.paloaltonetworks.com/CVE-2021-3064
- https://security.paloaltonetworks.com/CVE-2020-2021
- https://security.paloaltonetworks.com/CVE-2020-2034
IP:
212.247.83.243Port:
443Detected protocol:
httpsVulnerable URL:
https://212.247.83.243/global-protect/portal/images/favicon.icoFound PAN-OS web frontend
Last update: 10/2019
Version: 8.1.11
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14
IP:
212.247.83.243Port:
443Detected protocol:
httpsVulnerable URL:
https://212.247.83.243/global-protect/portal/images/favicon.icoFound PAN-OS web frontend
Last update: 10/2019
Version: 8.1.11
Affected by CVE-2020-2034
Affected by CVE-2020-2021
Affected by CVE-2021-3064
Found by PaloAltoPlugin 2021-11-14
Report created by
deleted-user
2021-11-14
deleted-user
2021-11-14
Report edited by
deleted-user
2021-11-14
deleted-user
2021-11-14
Report approved by
BloodyShell
2021-11-14
BloodyShell
2021-11-14
New PDF report generated by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
Report dispatched to ...@... by system 2021-11-14
system
commented 2021-11-14:
approved
shows in report
Email from: cert-fr.cossi@ssi.gouv.fr Hello, We thank you for this information. Kind regards, -- ANSSI/SDO/CERT-FR Agence nationale de la sécurité des systèmes d'information Sous-Direction Opération 51, boulevard de La Tour-Maubourg - 75700 PARIS 07 SP Tel : +33 (0)1 71 75 84 68 Mel : cert-fr.cossi@ssi.gouv.fr<mailto:cert-fr.cossi@ssi.gouv.fr> - Web : http://www.cert.ssi.gouv.fr Le 14/11/2021 à 17:13, f4270939-ad0c-4748-9778-e25b8357391f+<redacted>@reports.leakix.net<mailto:f4270939-ad0c-4748-9778-e25b8357391f+<redacted>@reports.leakix.net> a écrit : Dear orangecyberdefense.com, Security researcher zythop has identified a security issue in your infrastructure through our prevention platform. The issue has been confirmed by our team and its priority is critical. Please use this email address ( f4270939-ad0c-4748-9778-e25b8357391f+<redacted>@reports.leakix.net<mailto:f4270939-ad0c-4748-9778-e25b8357391f+<redacted>@reports.leakix.net> ) for further communications with the involved parties. This report has been dispatched to [cert-contact.ocd@orange.com<mailto:cert-contact.ocd@orange.com> cert-fr.cossi@ssi.gouv.fr<mailto:cert-fr.cossi@ssi.gouv.fr>] Report ID f4270939-ad0c-4748-9778-e25b8357391f<https://leakix.net/reports/f4270939-ad0c-4748-9778-e25b8357391f?key=t79igRYczcULFJqb3BL5axiP> Owner orangecyberdefense.com Title Palo Alto (Global-network) instance is outdated Researcher report The following Palo Alto (Global-network) is publicly accessible and looks out-dated : https://212.247.83.243/global-protect/login.esp It is critical to update to a safe version as soon as possible since multiple CVEs could allow remote attackers to DoS or achieve RCE (Remote code execution) on the device. The CVE-2021-3064 prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis Reference: * https://security.paloaltonetworks.com/CVE-2021-3064 * https://security.paloaltonetworks.com/CVE-2020-2021 * https://security.paloaltonetworks.com/CVE-2020-2034 Related events Host Port Source Country Priority Infected Leak rows Leak size 212.247.83.243 (212.247.83.243) 443 PaloAltoPlugin Sweden critical false 0 rows 0 B Report timeline Report created by zythop on Sun, 14 Nov 2021 10:21:53 UTC Report edited by zythop on Sun, 14 Nov 2021 10:33:48 UTC Report approved by BloodyShell on Sun, 14 Nov 2021 16:13:50 UTC New PDF report generated by system on Sun, 14 Nov 2021 16:13:51 UTC This is a free prevention report and not a sales attempt. While we do encourage rewarding researchers, we do not promote any kind of ransom or extortion scheme. Should a researcher require money from you, let us know at fraud@leakix.net<mailto:fraud@leakix.net>, we'll take the appropriate actions and provide you guidance in the next steps. [X] LeakIX prevention team support@leakix.net<mailto:support@leakix.net> https://leakix.net/ Cordialement. -- ANSSI/SDO/CERT-FR Agence nationale de la sécurité des systèmes d'information Sous-Direction Opération 51, boulevard de La Tour-Maubourg - 75700 PARIS 07 SP Tel : +33 (0)1 71 75 84 68 Mel : cert-fr.cossi@ssi.gouv.fr<mailto:cert-fr.cossi@ssi.gouv.fr> - Web : http://www.cert.ssi.gouv.fr -- Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis a l'intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur ou s'il ne vous est pas destine,merci de le detruire ainsi que toute copie de votre systeme et d'en avertir immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de ce message qui n'est pas conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite et pourra faire l'objet de sanctions. --------------------------------------------------------------------------------------------------------------------------------------------- This message and any attachments (the"message") is intended solely for the intended addressees and is confidential. If you receive this message in error,or are not the intended recipient(s), please delete it and any copies from your systems and immediately notify the sender. Any unauthorized view, use that does not comply with its purpose,dissemination or disclosure, either whole or partial, is prohibited and may be subject to penalties. -- Ce message et ses pièces jointes peuvent contenir des informations confidentielles ou privilégiées et ne doivent donc pas être diffusés, exploités ou copiés sans autorisation. Si vous recevez ce message par erreur, vous êtes prié d’en informer l’expéditeur et de détruire le message. Les données à caractère personnel recueillies et traitées dans le cadre de cet échange, le sont à seule fin d’exécution d’une relation professionnelle et s’opèrent dans cette seule finalité et pour la durée nécessaire à cette relation. Si vous souhaitez faire usage de vos droits de consultation, de rectification et de suppression de vos données, veuillez contacter contact.rgpd@sgdsn.gouv.fr<mailto:contact.rgpd@sgdsn.gouv.fr> Les données à caractère personnel recueillies et traitées dans le cadre de cet échange, le sont à seule fin d’exécution d’une relation professionnelle et s’opèrent dans cette seule finalité et pour la durée nécessaire à cette relation. Si vous souhaitez faire usage de vos droits de consultation, de rectification et de suppression de vos données, veuillez contacter contact.rgpd@sgdsn.gouv.fr. Si vous avez reçu ce message par erreur, nous vous remercions d’en informer l’expéditeur et de détruire le message. The personal data collected and processed during this exchange aims solely at completing a business relationship and is limited to the necessary duration of that relationship. If you wish to use your rights of consultation, rectification and deletion of your data, please contact: contact.rgpd@sgdsn.gouv.fr. If you have received this message in error, we thank you for informing the sender and destroying the message.
Report comment dispatched to BloodyShell by system 2021-11-14
Report comment dispatched to iampritam by system 2021-11-14
Report comment dispatched to fokoil by system 2021-11-14
Report comment cdbf93 approved by
BloodyShell
2021-11-14
BloodyShell
2021-11-14
New PDF report generated by system 2021-11-14
Report comment dispatched to zythop by system 2021-11-14
Report comment dispatched to cert-contact.ocd@orange.com by system 2021-11-14
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2021-11-14
system
commented 2021-11-15:
approved
shows in report
bip! I'm a LeakIX probe. This issue looks like it has been resolved!
New PDF report generated by system 2021-11-15
Report comment dispatched to zythop by system 2021-11-15
Report comment dispatched to cert-contact.ocd@orange.com by system 2021-11-15
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2021-11-15
Report comment dispatched to BloodyShell by system 2021-12-05
Report comment dispatched to iampritam by system 2021-12-05
Report comment dispatched to fokoil by system 2021-12-05
Report comment dispatched to thLambda by system 2021-12-05
Report marked as fixed by
deleted-user
2021-12-23
deleted-user
2021-12-23
Report closed by
deleted-user
2021-12-23
deleted-user
2021-12-23
New PDF report generated by system 2021-12-23
Report edited by
deleted-user
2021-12-23
deleted-user
2021-12-23
New PDF report generated by system 2021-12-23
Information
Owner
orangecyberdefense.com
Created
2021-11-14 10:21
Updated
2021-12-23 09:42
Fixed
true
Contacts
c...@orange.com
c...@ssi.gouv.fr
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report