This blog contains information regarding a Palo Alto Networks GlobalProtect Portal vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update November 11, 2021
10:00 | Palo Alto networks has published information regarding a critical remote code execution vulnerability (CVE-2021-3064) in their GlobalProtect Portal VPN. On the 10th of November a patch was released. We advise to check if your products are listed and apply the patch as soon as possible.
Reason and background of this blog
This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.
Palo Alto networks has published information regarding a critical remote code execution vulnerability in their GlobalProtect Portal VPN. The unauthenticated remote code execution vulnerability allows a remote attacker to gain full control over the firewall, which may imply full access to your internal network resources. The vulnerability CVE-2021-3064 has a CVSS-score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with a high impact.
The unauthenticated remote code vulnerability allows a remote attacker to gain full control over the firewall, which may imply full access to your internal network resources.
Palo Alto firewalls running version 8.1 of PAN-OS with GlobalProtect enabled (specifically versions < 8.1.17) are vulnerable. Patches are available. If you run version 8.1, make sure to upgrade to at least version 8.1.17.
In addition, Palo Alto published Threat Prevention Signatures to block the issue:
• ID 91820
• ID 91855
Sign up for our technical updates
Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.