Serious Remote Code Execution Flaw Found in Palo Alto Networks GlobalProtect Portal and Gateway

PUBLISHED:
11 November 2021

Serious Remote Code Execution Flaw Found in Palo Alto Networks GlobalProtect Portal and Gateway

A memory corruption vulnerability found in Palo Alto Networks GlobalProtect portal and gateway interfaces that enable an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. The vulnerability was given a 9.8 (out of 10) CVSSv3 score and assigned CVE CVE-2021-3064.

Affected Versions

PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

Mitigation

If your device has PAN-OS 8.x.x, upgrade to PAN-OS 8.1.17 or a later version. Additionally, enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064.

More Information

• CVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces – https://security.paloaltonetworks.com/CVE-2021-3064
• Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064 – https://www.randori.com/blog/cve-2021-3064/
• CVE-2021-3064 – https://nvd.nist.gov/vuln/detail/CVE-2021-3064
• CWE-121: Stack-based Buffer Overflow – https://cwe.mitre.org/data/definitions/121