Serious Remote Code Execution Flaw Found in Palo Alto Networks GlobalProtect Portal and Gateway

11 November 2021 [NO.TCSA : 20211111-1-1-P]

PUBLISHED:
11 November 2021

Serious Remote Code Execution Flaw Found in Palo Alto Networks GlobalProtect Portal and Gateway

A memory corruption vulnerability found in Palo Alto Networks GlobalProtect portal and gateway interfaces that enable an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. The vulnerability was given a 9.8 (out of 10) CVSSv3 score and assigned CVE CVE-2021-3064.

Affected Versions

PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

Mitigation

If your device has PAN-OS 8.x.x, upgrade to PAN-OS 8.1.17 or a later version. Additionally, enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064.

More Information

21 April 2022 [NO.TCSA : 20220422-1-1-P]

A Critical Unauthenticated Remote Code Execution (RCE) Flaw Found in WSO2 API Manager, Identity Server & Enterprise Integrator

READ MORE READ MORE
19 April 2022 [NO.TCSA : 20220419-1-1-P]

Possible Increase of Intrusion Attempts on Sri Lankan Websites

READ MORE READ MORE
1 April 2022 [NO.TCSA : 20220401-1-1-P]

Spring4Shell – A Critical Remote Execution Found Spring Framework

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN