CVE-2021-3064

Published: 10/11/2021 Updated: 15/11/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based malicious user to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

Vulnerable Product

paloaltonetworks pan-os

Vendor Advisories

CVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces ...

Github Repositories

Exploit for CVE-2021-3036, HTTP Smuggling + buffer overflow in PanOS 8.x

CVE-2021-3064: Pan-OS Remote Buffer Overflow + HTTP Smuggling Exploit

This exploit uses an HTTP Smuggling vuln to deliver a payload to an otherwise inaccessible endpoint on Pan-OS firewalls; the endpoint is vulnerable to an overflow that can be exploited to run arbitrary code as root on the affected device.

Usage

Read the code ;)

Recent Articles

Palo Alto Networks patches 9.8 severity CVE in popular GlobalProtect product
The Register • Gareth Corfield • 11 Nov 2021

Arbitrary code execution by unauthenticated attacker? Big oops

Updated Palo Alto Networks (PAN) has issued a patch for a CVSS 9.8-rated buffer overflow affecting a VPN component of its widely used firewall software, warning that the flaw allows unauthenticated attackers to execute arbitrary code on unpatched appliances. While the current version, 10.1, and three before it are not affected, the vuln, tracked as CVE-2021-3064, still exists in version 8.1.17 and all previous versions of PAN-OS, PAN's firewall operating system. "A memory corruption vulnerabilit...