Security News > 2021 > November > Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability affecting certain versions of Palo Alto Networks firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months.
The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing installations out there, Randori will refrain from publishing technical details related to the vulnerability for a month, to give affected organizations enough time to patch.
"CVE-2021-3064 is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. The problematic code is not reachable externally without utilizing an HTTP smuggling technique. Exploitation of these together yields remote code execution under the privileges of the affected component on the firewall device," the Randori Attack Team explained.
"In order to exploit this vulnerability, an attacker must have network access to the device on the GlobalProtect service port. As the affected product is a VPN portal, this port is often accessible over the Internet. On devices with ASLR enabled, exploitation is difficult but possible. On virtualized devices, exploitation is significantly easier due to lack of ASLR and Randori expects public exploits will surface."
Palo Alto Networks confirmed that the vulnerability impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17, and only PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled.
Administrators are urged to implement the offered updates or upgrade to a later PAN-OS version that is not affected.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/N05uEZdbe48/
Related news
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-10 | CVE-2021-3064 | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. | 10.0 |