3:00pm, 12 November 2021
TLP Rating:
Critical Vulnerability in Palo Alto VPN
A critical vulnerability (CVE-2021-3064) that could lead to an unauthenticated network-based attacker executing arbitrary code has been discovered in Palo Alto Networks’ GlobalProtect VPN via the portal or gateway interface.
This vulnerability affects certain Palo Alto Networks Operating System (PAN-OS) products using the GlobalProtect Portal VPN. Technical details released to the vendor suggest once the attacker has gained control of the device they are able to access configuration data, extract login details and move laterally within the internal network.
What's happening
Systems affected
Palo Alto firewalls running the 8.1 series of PAN-OS with GlobalProtect enabled (specifically versions prior to 8.1.17).
What this means
Exploitation of this vulnerability could allow an attacker full access to the affected network device.
What to look for
How to tell if you're at risk
Palo Alto Networks firewalls with Global Protect enabled and running a version of PAN-OS 8.1 prior to 8.1.17 are at risk of compromise.
PAN-OS 9 and 10 are not affected by this vulnerability.
What to do
Prevention
Patch to PAN-OS 8.1.17 as soon as possible.
Mitigation
While planning to patch apply Threat Prevention signatures 97820 and 91855 released by Palo Alto.
If not using the VPN component of the firewall, disable GlobalProtect.
More information
Palo Alto Networks’ Advisory External Link
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.