Mitigating CVE-2019-0624

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Mitigating CVE-2019-0624

HI @reaper , @gwesson 

 

I'm seeing the subjected CVE is missing in palo alto vulnerability profile.

 

How can I mitigate this vulnerability. 

 

https://nvd.nist.gov/vuln/detail/CVE-2019-0624


Regards

Venky

3 REPLIES 3

Cyber Elite
Cyber Elite

The CVE affects only endpoints and allows unsanitized urls to be delivered to users

"For the vulnerability to be exploited, a user must click a specially crafted URL that takes the user to a targeted Lync or Skype for Business site."

This secondary connection would not match the CVE, but some other exploit (XSS,..) which will be checked by TP, URL filtering and DNS Security/sinkhole 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

HI @reaper 

 

How to mitigate this vulnerability, Do configuring DNS sinkhole will help?

 

Did Palo alto is aware of this vulnerability, I'm not seeing any vulnerability listed for this CVE in vulnerability profiles. 

 

What If customer got already affected by this CVE.

 

Regards

Venky

@Venkatesan_radhakrishnan,

The CVE that you mentioned is a vulnerability actually in place within SfB. The exploit would likely be contained in an email message (as stated in the CVE) that a user would click on. There really isn't anything for the firewall to trigger on here. Also kind of important to note here, this CVE is rather old and has been patched for a while, so updates should have already been applied to the server rendering this CVE non-exploitable. 

The firewall itself may pick up on another vulnerability as @reaper pointed out in his reply. If you can't update the SfB server in question for some reason (which would fix the issue outright and should be done) then you would want to ensure that client traffic to your target system are actually being fully inspected. 

  • 2496 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!