Cyber Resilience

CVE-2019-1579

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 19 July 2019

Published
19 July 2019
Modified
04 November 2025
KEV Added
10 January 2022
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9288 99.8th percentile
Risk Priority 92 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-1579 is a high-severity Use of Externally-Controlled Format String (CWE-134) vulnerability in Paloaltonetworks Pan-Os. Its CVSS base score is 8.1 (High).

Operationally, ranked in the top 0.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a remote code execution flaw, tracked as CVE-2019-1579 and associated with CWE-134, that affects PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier when the GlobalProtect Portal or GlobalProtect Gateway interface is enabled. The issue carries a CVSS 3.1 score of 8.1 with a network attack vector, high complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can exploit the flaw over the network to execute arbitrary code on the affected device. Successful exploitation grants the attacker full control of the target system, enabling actions that compromise data confidentiality, system integrity, and service availability.

Palo Alto Networks has published an advisory at security.paloaltonetworks.com/CVE-2019-1579 detailing the affected versions and remediation steps. Public analysis, including a detailed report referencing Uber as a case study, demonstrates practical pre-authentication exploitation of the GlobalProtect SSL VPN interfaces.

EU & UK References

Vulnerability details

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.

CWE(s)
KEV Date Added
10 January 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

paloaltonetworks
pan-os
≤ 7.1.19 · 8.0.0 — 8.0.12 · 8.1.0 — 8.1.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of vendor patches that close the RCE flaw in GlobalProtect interfaces.

prevent

Enforces boundary protections that can block unauthenticated network access to the vulnerable GlobalProtect Portal/Gateway interfaces.

AC-17 Remote Access partial match
prevent

Requires explicit authorization, monitoring, and encryption for all remote access, limiting exposure of the affected SSL VPN endpoints.

References