Security Advisory: SonicWall Not Affected by Critical Remote Code Execution Vulnerability (CVE-2019-1579)

First Published:08/05/2019 Last Updated:03/26/2020

What we know about the Critical Remote Code Execution Vulnerability (CVE-2019-1579)

Researchers have found several security flaws in popular corporate VPNs, which they say can be used to silently break into company networks and steal business secrets.

According to https://techcrunch.com/2019/07/23/corporate-vpn-flaws-risk/

“Devcore researchers Orange Tsai and Meh Chang said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are ‘easy’ to remotely exploit.”

Once the SSL VPN server is compromised, attackers can infiltrate the Intranet and even take over all users connecting to the SSL VPN server.

According to https://www.tenable.com/blog/cve-2019-1579-critical-pre-authentication-vulnerability-in-palo-alto-networks-globalprotect-ssl

“The researchers found that popular ride-sharing service, Uber, was running an unpatched/vulnerable version of Palo Alto's GlobalProtect. They confirmed their exploit worked against Uber and reported their findings. Uber responded it did not use Palo Alto SSL VPN as its “primary VPN” and that it was hosted on Amazon Web Services (AWS) and not a part of the organization’s “core infrastructure,” which mitigated some of the potential impact of this vulnerability.

For more details about the vulnerability, please refer to: https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/

Palo Alto Networks issued a security advisory: https://securityadvisories.paloaltonetworks.com/Home/Detail/158 

SonicWall customers are not affected by this vulnerability.

SonicWall Engineering Team have tested and confirmed that SonicWall SSL-VPN products, including WAF, are NOT affected by this vulnerability.

SonicWall Secure Mobile Access (SMA) provides granular access control policy engine, context-aware device authorization, application-level VPN and advanced authentication with single sign-on that protects the corporate network against such malicious requests involving exploitable parameters/format strings aimed at gaining unauthorized access.

To ensure your SonicWall SMA is properly configured, please refer to our in-depth administration guide: https://www.sonicwall.com/support/technical-documentation/