CVE-2021-3064
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
Se presenta una vulnerabilidad de corrupción de memoria en las interfaces del portal y la puerta de enlace de Palo Alto Networks GlobalProtect que permite a un atacante no autenticado basado en la red interrumpir los procesos del sistema y ejecutar potencialmente código arbitrario con privilegios de root. El atacante debe tener acceso de red a la interfaz de GlobalProtect para aprovechar este problema. Este problema afecta a PAN-OS versiones 8.1 anteriores a PAN-OS 8.1.17. Los clientes de Prisma Access no están afectados por este problema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-06 CVE Reserved
- 2021-11-10 CVE Published
- 2023-06-21 First Exploit
- 2024-09-17 CVE Updated
- 2024-10-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/0xhaggis/CVE-2021-3064 | 2023-06-21 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.paloaltonetworks.com/CVE-2021-3064 | 2021-11-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.17 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.17" | - |
Affected
|