CVE-2021-3064
published 2021-11-10


Priority: P2 74 | Severity: critical | CVSS 3.1: 9.8
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 19.09% (97.0th percentile)
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 8.1 < 8.1.17 | 8.1.17 |
| paloalto | pan-os | | |
| paloalto | prisma_access | | |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.17 | 8.1.17 |

Detection & IOCs (extracted from sources)

  • Enable Palo Alto Threat Prevention signature for Unique Threat ID 91820 on traffic destined for GlobalProtect portal and gateway interfaces to block CVE-2021-3064 attacks.
  • Enable Palo Alto Threat Prevention signature for Unique Threat ID 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block CVE-2021-3064 attacks.
  • SSL decryption is NOT required to detect and block exploit attempts; apply threat signatures on all traffic to GlobalProtect interfaces regardless of encryption.
  • Target detection at the GlobalProtect portal and gateway network interfaces; the attacker must have direct network access to these interfaces to exploit the vulnerability.
  • Only PAN-OS 8.1 versions earlier than 8.1.17 are affected; Prisma Access customers are not impacted.

CVSS provenance

  • nvd v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • nvd v2.0: 10.0 CRITICAL (AV:N/AC:L/Au:N/C:C/I:C/A:C)
  • osv: 5.5 MEDIUM