CVE-2021-3064 — Stack-based Buffer Overflow in Palo Alto Networks Pan-os

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

47.8%

top 2.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Pan-os +1 more

Timeline

PublishedNov 10

Latest updateAug 14

Description

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDpaloaltonetworks/pan-os8.1.0 — 8.1.17

▶CVEListV5palo_alto_networks/pan-os8.1 — 8.1.17

▶Palo Altopaloalto/prisma_access

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

OSV

golang-yaml.v2 vulnerabilities↗2023-08-14

▶

GHSA

GHSA-4753-h47c-jrw3: A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-bas↗2022-05-24

▶

CVEList

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces↗2021-11-10

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces↗2021-11-10

▶