CVE-2021-3064

Summary

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksPAN-OS9.0.*unaffected
Palo Alto NetworksPAN-OS9.1.*unaffected
Palo Alto NetworksPAN-OS10.0.*unaffected
Palo Alto NetworksPAN-OS10.1.*unaffected
Palo Alto NetworksPAN-OS8.1 < 8.1.17affected
Palo Alto NetworksPrisma Access2.2 allunaffected
Palo Alto NetworksPrisma Access2.1 allunaffected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

Workarounds

Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064.

It is not necessary to enable SSL decryption to detect and block attacks against this issue.

ADP Enrichment

CVE Program Container

Additional References

References