Table of Contents
  • Home
  • /
  • Blog
  • /
  • How To Fix CVE-2021-3064- A Memory Corruption Vulnerability In Palo Alto Networks GlobalProtect Portal?
November 12, 2021
|
4m

How To Fix CVE-2021-3064- A Memory Corruption Vulnerability In Palo Alto Networks GlobalProtect Portal?


How To Fix Cve 2021 3064 A Memory Corruption Vulnerability In Palo Alto Networks Globalprotect Portal

Security researchers from Randori have disclosed a new zero-day vulnerability in PAN firewalls using the GlobalProtect Portal VPN. The zero-day is being tracked as CVE-2021-3064 allows for unauthenticated remote code execution. We have created this post to let you know How to Fix CVE-2021-3064- A Memory Corruption Vulnerability in the Palo Alto Networks GlobalProtect portal.

Summary Of CVE-2021-3064:

The vulnerability CVE-2021-3064 is a memory corruption vulnerability found in Palo Alto Networks GlobalProtect portal and gateway interfaces. Attackers could perform unauthenticated network-based attacks like arbitrary code execution with root privileges and can disrupt system processes.

Attackers could achieve remote code execution by exploiting two things together: 1. buffer overflow that occurs while parsing user-supplied input on the stack. 2. HTTP smuggling technique which makes problematic code reachable externally. 

To perform remote code execution, the attacker must have network access to the GlobalProtect interface (default port 443). In most cases, the GlobalProtect interface is made accessible over the internet because it is a VPN portal. Another notable point is that this vulnerability is easy to exploit on Virtualized appliances due to the lack of ASLR. On the other hand, hardware appliance with ASLR enabled is difficult to exploit but possible.

CVSSv3.1 Base Score9.8
DescriptionA memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces
Attack VectorNetwork
Privileges RequiredNone
Attack ComplexityLow
User InteractionNone
Confidentiality ImpactHigh
Integrity ImpactHigh
Availability ImpactHigh

Products Vulnerable To CVE-2021-3064:

Multiple versions of PAN-OS 8.1 are affected. Most likely versions prior to 8.1.17. Palo also said that no Prisma Access users are impacted by this issue.

This vulnerability affects only PAN-OS on which GlobalProtect portal or gateway is enabled. You can verify if the GlobalProtect or gateway is enabled by checking for entries in Network > GlobalProtect > Portals and in Network > GlobalProtect > Gateways from the web interface.

VersionsAffectedUnaffected
Prisma Access 2.2Noneall
Prisma Access 2.1Noneall
PAN-OS 10.1None10.1.*
PAN-OS 10.0None10.0.*
PAN-OS 9.1None9.1.*
PAN-OS 9.0None9.0.*
PAN-OS 8.1< 8.1.17>= 8.1.17

The table published by security.paloaltonetworks.com

How To Fix CVE-2021-3064 This Memory Corruption Vulnerability?

Palo Alto confirms that the issue is fixed in version PAN-OS 8.1.17 and all later. Organizations who have enabled GlobalProtect portal or gateway on their firewalls are asked to immediately upgrade their PAN-OS to the latest version to fix the CVE-2021-3064 memory corruption vulnerability.

Additionally, for those organizations who cant apply patches immediately, Palo has released Threat Prevention signatures 91820 & 91855 and asked to enable these signatures on traffic to block attacks against CVE-2021-3064 until you upgrade the PAN-OS. 

Organizations that have not configured the GlobalProtect portal or gateway on their firewalls are not affected by this vulnerability. However, it is a good practice to upgrade the PAN-OS to the latest version. Along with that, always keep monitor logs and alerts for any suspected activities, block blocklisted IP addresses and domain names, and configure defense-in-depth such as a web application firewall, segmentation, and access controls.

We hope this post would help you in knowing How to Fix CVE-2021-3064- A Memory Corruption Vulnerability in Palo Alto Networks GlobalProtect portal. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe