CVE-2021-3064 PAN-OS: PAN-OS Remote Code Execution Vulnerability
On November 10, 2021, Palo Alto officially released a risk notice on memory corruption vulnerability in GlobalProtect Portal and Gateway Interfaces, the vulnerability number is CVE-2021-3064 (CVSSv3.1 Base Score: 9.8). The vulnerability only affects the PAN-OS firewall configuration with GlobalProtect enabled.
Vulnerability Detail
The GlobalProtect interface and gateway interface of PAN-OS have memory corruption vulnerabilities, allowing an unauthenticated network-based attacker to disrupt system processes and possibly execute arbitrary code with root privileges. The attacker must access the GlobalProtect interface through the network to exploit this vulnerability.
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Access 2.2 | None | all |
| Prisma Access 2.1 | None | all |
| PAN-OS 10.1 | None | 10.1.* |
| PAN-OS 10.0 | None | 10.0.* |
| PAN-OS 9.1 | None | 9.1.* |
| PAN-OS 9.0 | None | 9.0.* |
| PAN-OS 8.1 | < 8.1.17 | >= 8.1.17 |
Solution
In this regard, we recommend that users upgrade PAN-OS to the latest version in time. You can temporarily repair with the following suggestions:
- Disable the interface from the web interface: ‘Network > GlobalProtect > Portals’ and in ‘Network > GlobalProtect > Gateways’
