vulnerability

PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Nov 10, 2021	Nov 11, 2021	Nov 26, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Nov 10, 2021

Added

Nov 11, 2021

Modified

Nov 26, 2021

Description

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

Solution

palo-alto-networks-pan-os-upgrade-8-1

References

CVE-2021-3064
https://attackerkb.com/topics/CVE-2021-3064
https://security.paloaltonetworks.com/CVE-2021-3064

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report