CVE-2021-3064
published 2021-11-10CVE-2021-3064: A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based…
PriorityP274critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
19.09%
97.0th percentile
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 8.1 < 8.1.17 | 8.1.17 |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.17 | 8.1.17 |
Detection & IOCsextracted from sources · hover to see the quote
- →Enable Palo Alto Threat Prevention signature for Unique Threat ID 91820 on traffic destined for GlobalProtect portal and gateway interfaces to block CVE-2021-3064 attacks. ↗
- →Enable Palo Alto Threat Prevention signature for Unique Threat ID 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block CVE-2021-3064 attacks. ↗
- →SSL decryption is NOT required to detect and block exploit attempts; apply threat signatures on all traffic to GlobalProtect interfaces regardless of encryption. ↗
- →Target detection at the GlobalProtect portal and gateway network interfaces; the attacker must have direct network access to these interfaces to exploit the vulnerability. ↗
- ·Only PAN-OS 8.1 versions earlier than 8.1.17 are affected; Prisma Access customers are not impacted. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
golang-yaml.v2 vulnerabilities
osv·2023-08-14·CVSS 5.5
CVE-2021-4235 golang-yaml.v2 vulnerabilities
golang-yaml.v2 vulnerabilities
Simon Ferquel discovered that the Go yaml package incorrectly handled
certain YAML documents. If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause the system to crash, resulting in
a denial of service. (CVE-2021-4235)
It was discovered that the Go yaml package incorrectly handled
certain large YAML documents. If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause the system to crash, resulting in
a denial of service. (CVE-2022-3064)
GHSA
GHSA-4753-h47c-jrw3: A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-bas
ghsa_unreviewed·2022-05-24
CVE-2021-3064 [CRITICAL] CWE-787 GHSA-4753-h47c-jrw3: A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-bas
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
Palo Alto
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
vendor_paloalto·2021-11-10·CVSS 9.8
CVE-2021-3064 [CRITICAL] CWE-121 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue.
Affected products: PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.
Workaround: Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064.
It is not necessary to enable SSL decryption to detect and block attac
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-11-10
Published