PAN-OS: Memory Corruption Vulnerability in Global Protect Portal and Gateway Interfaces

Issued: Thursday, 11 November, 2021	Last Revision: Thursday, 11 November, 2021
Vendor: Palo Alto	Product: Palo Alto Networks GlobalProtect portal and gateway interfaces
	Severity Level: High

Summary:

A memory corruption vulnerability exists in Palo Alto Networks Global-Protect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the Global-Protect interface to exploit this issue.

This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

As per Palo Alto Networks, Prisma Access customers are not impacted by this issue.

CVE	Description	CVSS 3.1 Score
CVE-2021-3064	Memory Corruption Vulnerability in Global Protect Portal and Gateway Interfaces	9.8

Table 1: Vulnerability details

CVE		Affected Product(s)
CVE-2021-3064		PAN-OS 8.1 (< 8.1.17)

Table 2: Vulnerabe Versions

Recommendation:

Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for Global Protect portal and gateway interfaces to block attacks against CVE-2021-3064.

If you don’t use the Global-Protect VPN portion of the Palo Alto firewall, disable it.

References:

CVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

https://threatpost.com/massive-zero-day-hole-found-in-palo-alto-security-appliances/176170/

Coming Soon...

Q-CERT website is currently under maintenance. We should be back shortly. Thank you for yor patience.

PAN-OS: Memory Corruption Vulnerability in Global Protect Portal and Gateway Interfaces