CVE-2021-3063
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers are not impacted by this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | 8.1 < 8.1.21 | affected |
| Palo Alto Networks | PAN-OS | 9.0 < 9.0.14-h4 | affected |
| Palo Alto Networks | PAN-OS | 10.0 < 10.0.8-h4 | affected |
| Palo Alto Networks | PAN-OS | 10.1 < 10.1.3 | affected |
| Palo Alto Networks | PAN-OS | 9.1 < 9.1.11-h3 | affected |
| Palo Alto Networks | Prisma Access | 2.2 all | unaffected |
| Palo Alto Networks | Prisma Access | 2.1 all | unaffected |
Weaknesses
- CWE-755: CWE-755 Improper Handling of Exceptional Conditions
Workarounds
Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect interfaces to block attacks against CVE-2021-3063.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.