A remote code-execution (RCE) vulnerability has been uncovered in the GlobalProtect portal and GlobalProtect Gateway interface security products from Palo Alto Networks. The bug is a format string vulnerability in the company s SSL Gateway, which handles client/server SSL handshakes. It allows an unauthenticated attacker to execute arbitrary code so users should update right away to a patched version. But some large companies could still be impacted, including Uber, which is using an older version.
Source: https://threatpost.com/critical-rce-flaw-palo-alto-gateways-uber/146606/