A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based malicious user to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
paloaltonetworks pan-os |
Get our weekly newsletter Arbitrary code execution by unauthenticated attacker? Big oops
Updated Palo Alto Networks (PAN) has issued a patch for a CVSS 9.8-rated buffer overflow affecting a VPN component of its widely used firewall software, warning that the flaw allows unauthenticated attackers to execute arbitrary code on unpatched appliances. While the current version, 10.1, and three before it are not affected, the vuln, tracked as CVE-2021-3064, still exists in version 8.1.17 and all previous versions of PAN-OS, PAN's firewall operating system. "A memory corruption vulnerabilit...