Skip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Palo Alto Networks GlobalProtect vulnerability

By 11 November 2021 CERT, SOC, Vulnerability

This blog contains information regarding a Palo Alto Networks GlobalProtect Portal vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update November 11, 2021

10:00 | Palo Alto networks has published information regarding a critical remote code execution vulnerability (CVE-2021-3064) in their GlobalProtect Portal VPN. On the 10th of November a patch was released. We advise to check if your products are listed and apply the patch as soon as possible.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Potential risk

Palo Alto networks has published information regarding a critical remote code execution vulnerability in their GlobalProtect Portal VPN. The unauthenticated remote code execution vulnerability allows a remote attacker to gain full control over the firewall, which may imply full access to your internal network resources. The vulnerability CVE-2021-3064 has a CVSS-score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with a high impact.

Detail info

The unauthenticated remote code vulnerability allows a remote attacker to gain full control over the firewall, which may imply full access to your internal network resources.

Palo Alto firewalls running version 8.1 of PAN-OS with GlobalProtect enabled (specifically versions < 8.1.17) are vulnerable. Patches are available. If you run version 8.1, make sure to upgrade to at least version 8.1.17.

In addition, Palo Alto published Threat Prevention Signatures to block the issue:
• ID 91820
• ID 91855

Subscribe

Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.