topic Mitigating CVE-2019-0624 in General Topics

Mitigating CVE-2019-0624

Venkatesan_radhakrishnan — Mon, 06 May 2019 06:17:46 GMT

HI @reaper , @gwesson

I'm seeing the subjected CVE is missing in palo alto vulnerability profile.

How can I mitigate this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2019-0624

Regards

Venky

Re: Mitigating CVE-2019-0624

reaper — Mon, 06 May 2019 09:31:33 GMT

The CVE affects only endpoints and allows unsanitized urls to be delivered to users

"For the vulnerability to be exploited, a user must click a specially crafted URL that takes the user to a targeted Lync or Skype for Business site."

This secondary connection would not match the CVE, but some other exploit (XSS,..) which will be checked by TP, URL filtering and DNS Security/sinkhole

Re: Mitigating CVE-2019-0624

Venkatesan_radhakrishnan — Mon, 06 May 2019 09:36:41 GMT

HI @reaper

How to mitigate this vulnerability, Do configuring DNS sinkhole will help?

Did Palo alto is aware of this vulnerability, I'm not seeing any vulnerability listed for this CVE in vulnerability profiles.

What If customer got already affected by this CVE.

Regards

Venky

Re: Mitigating CVE-2019-0624

BPry — Mon, 06 May 2019 22:45:43 GMT

@Venkatesan_radhakrishnan,

The CVE that you mentioned is a vulnerability actually in place within SfB. The exploit would likely be contained in an email message (as stated in the CVE) that a user would click on. There really isn't anything for the firewall to trigger on here. Also kind of important to note here, this CVE is rather old and has been patched for a while, so updates should have already been applied to the server rendering this CVE non-exploitable.

The firewall itself may pick up on another vulnerability as @reaper pointed out in his reply. If you can't update the SfB server in question for some reason (which would fix the issue outright and should be done) then you would want to ensure that client traffic to your target system are actually being fully inspected.