CVE-2021-3064

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

Description

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

Remediation

Solution:

This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.

Workaround:

Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064. It is not necessary to enable SSL decryption to detect and block attacks against this issue.

References

Link	Tags
https://security.paloaltonetworks.com/CVE-2021-3064	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-3064?: CVE-2021-3064 has been scored as a critical severity vulnerability.
How to fix CVE-2021-3064?: To fix CVE-2021-3064: This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.
Is CVE-2021-3064 being actively exploited in the wild?: It is possible that CVE-2021-3064 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~48% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-3064?: CVE-2021-3064 affects Palo Alto Networks PAN-OS, Palo Alto Networks Prisma Access.

Description

Remediation

Categories

CWE-121 – Stack-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions