Serious Remote Code Execution Flaw Found in Palo Alto Networks GlobalProtect Portal and Gateway

11 November 2021 [NO.TCSA : 20211111-1-1-P]

PUBLISHED:
11 November 2021

Serious Remote Code Execution Flaw Found in Palo Alto Networks GlobalProtect Portal and Gateway

A memory corruption vulnerability found in Palo Alto Networks GlobalProtect portal and gateway interfaces that enable an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. The vulnerability was given a 9.8 (out of 10) CVSSv3 score and assigned CVE CVE-2021-3064.

Affected Versions

PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

Mitigation

If your device has PAN-OS 8.x.x, upgrade to PAN-OS 8.1.17 or a later version. Additionally, enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064.

More Information

9 March 2023 [NO.TCSA : 20230309-1-1-P]

A Critical Code Execution Flaw Found in FortiOS and FortiProxy Administrative Interfaces

READ MORE READ MORE
20 February 2023 [NO.TCSA : 20230220-1-1-P]

Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb

READ MORE READ MORE
16 January 2023 [NO.TCSA : 20230116-1-1-P]

Cacti Crisis: Severe Vulnerability Exploited in the Wild

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN