CVE-2021-3038
Published 2021-04-20
CVE-2021-3038: A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted…
Priority: P4 · 20 · medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.22% (12.3th percentile)
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | >= 5.1 < 5.1.8 | 5.1.8 |
| palo_alto_networks | globalprotect_app | >= 5.2 < 5.2.4 | 5.2.4 |
| paloalto | globalprotect_app | — | — |
| paloaltonetworks | globalprotect | >= 5.1.0 < 5.1.8 | 5.1.8 |
| paloaltonetworks | globalprotect | >= 5.2.0 < 5.2.4 | 5.2.4 |
CVSS provenance
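| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |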
GHSA
GHSA-9x9w-5fmf-qmhj: A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-
ghsa_unreviewed·2022-05-24
CVE-2021-3038 [MEDIUM] CWE-20 GHSA-9x9w-5fmf-qmhj: A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-
Palo Alto
GlobalProtect App: Windows VPN kernel driver denial of service (DoS)
vendor_paloalto·2021-04-14·CVSS 5.5
CVE-2021-3038 [MEDIUM] CWE-20 GlobalProtect App: Windows VPN kernel driver denial of service (DoS)
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-04-20