Critical Vulnerability in Palo Alto VPN
A critical vulnerability (CVE-2021-3064) has been discovered in Palo Alto Networks’ GlobalProtect VPN. It could allow an unauthenticated network-based attacker to execute arbitrary code via the portal or gateway interface.
This vulnerability affects certain Palo Alto Networks Operating System (PAN-OS) products using the GlobalProtect Portal VPN. Technical details released to the vendor suggest that once the attacker has gained control of the device, they are able to access configuration data, extract login details and move laterally within the internal network.
Affected systems are Palo Alto firewalls running the 8.1 series of PAN-OS with GlobalProtect enabled (specifically versions prior to 8.1.17).
What this means
Exploitation of this vulnerability could allow an attacker full access to the affected network device.
What to look for
How to tell if you're at risk
Palo Alto Networks firewalls with GlobalProtect enabled and running a version of PAN-OS 8.1 prior to 8.1.17 are at risk of compromise.
PAN-OS 9 and 10 are not affected by this vulnerability.
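The at-risk rule above, applied to a device inventory, as an added example that is not part of the original advisory. The CSV column names, hostnames and sample rows are constructed for illustration; series the advisory does not mention (for example 8.0) are flagged for manual review rather than guessed at.

```python
import csv
import io
import re

FIXED = (8, 1, 17)  # first fixed 8.1 release per the advisory

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """hostname,sw_version,globalprotect_enabled
fw-edge-01,8.1.16,yes
fw-edge-02,8.1.17,yes
fw-branch-03,8.1.15-h3,yes
fw-lab-04,8.1.10,no
fw-dc-05,9.1.11,yes
fw-old-06,8.0.20,yes
fw-bad-07,unknown,yes
"""

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")

def parse_version(text):
    """Return (major, minor, maintenance) or None; a hotfix suffix such as -h3 is ignored."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(sw_version, gp_enabled):
    """Apply the advisory's rule (8.1.x below 8.1.17 with GlobalProtect on) to one device."""
    ver = parse_version(sw_version)
    if ver is None:
        return "check manually (unparseable version)"
    if ver[:2] == (8, 1):
        if ver >= FIXED:
            return "patched"
        return "AT RISK" if gp_enabled else "below 8.1.17, GlobalProtect disabled"
    if ver[0] in (9, 10):
        return "not affected"
    return "check manually (series not covered by advisory)"

def triage(inventory_csv):
    """Return {hostname: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["sw_version"],
                                    r["globalprotect_enabled"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as "below 8.1.17, GlobalProtect disabled" are not exposed through the portal or gateway today but become at risk if GlobalProtect is later enabled before patching.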
What to do
Patch to PAN-OS 8.1.17 as soon as possible.
While planning to patch, apply Threat Prevention signatures 97820 and 91855 released by Palo Alto.
If not using the VPN component of the firewall, disable GlobalProtect.