Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

Related Vulnerabilities: CVE-2021-3056  

CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

Source
Palo Alto Networks Security Advisories / CVE-2021-3056

CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication

047910
Severity 8.8 · HIGH
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
NVD JSON
Published 2021-11-10
Updated 2021-11-10
Reference PAN-149501
Discovered internally

Description

A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication.

This issue impacts:

PAN-OS 8.1 versions earlier than PAN-OS 8.1.20;

PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;

PAN-OS 9.1 versions earlier than PAN-OS 9.1.9;

PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.

Product Status

VersionsAffectedUnaffected
PAN-OS 10.1None10.1.*
PAN-OS 10.0< 10.0.1>= 10.0.1
PAN-OS 9.1< 9.1.9>= 9.1.9
PAN-OS 9.0< 9.0.14>= 9.0.14
PAN-OS 8.1< 8.1.20>= 8.1.20
Prisma Access 2.2Noneall
Prisma Access 2.1PreferredInnovation

Required Configuration for Exposure

This issue is applicable only to PAN-OS firewall configurations with the Clientless VPN feature and SAML authentication enabled for GlobalProtect Portal.

Severity: HIGH

CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-120 Buffer Overflow

Solution

This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.1, and all later PAN-OS versions.

This issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions.

Workarounds and Mitigations

Enable signatures for Unique Threat ID 91585 on traffic processed by the firewall to block attacks against CVE-2021-3056.

Acknowledgments

This issue was found by Nicholas Newsom of Palo Alto Networks during an internal security review.

Timeline

Initial publication

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started