Palo Alto Networks has fixed a critical PAN-OS vulnerability in the GlobalProtect portal and gateway interfaces.
“A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges,” Palo Alto Networks warned in the advisory.
An attacker must have network access to the GlobalProtect interface to exploit this issue. The issue is rated Critical, with a CVSS score of 9.8.
The memory corruption vulnerability (CVE-2021-3064) affects only PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. In addition, only PAN-OS 8.1 and versions earlier than PAN-OS 8.1.17 are affected.
However, the vulnerability does not impact Prisma Access customers.
Finally, Palo Alto Networks is not aware of any malicious exploitation of this issue in the wild.