{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-064.pdf"
    },
    "title": "Critical Vulnerability in Palo Alto Security Appliances",
    "serial_number": "2021-064",
    "publish_date": "11-11-2021 21:58:00",
    "description": "On November 10, Palo Alto issued an advisory about a critical vulnerability, named \"CVE-2021-3064\" and scored 9.8 out of 10, affecting some versions of its security appliances running PAN-OS.<br>Palo Alto is not aware of any malicious exploitation of the vulnerability, although working exploits exist.",
    "url_title": "2021-064",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Palo\u00a0Alto\u00a0Security\u00a0Appliances'\nversion: '1.0'\nnumber: '2021-064'\ndate: 'November 11, 2021'\n---\n\n_History:_\n\n* _11/11/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn November 10, Palo Alto issued an advisory about a critical vulnerability, named `CVE-2021-3064` and scored 9.8 out of 10, affecting some versions of its security appliances running PAN-OS [1].\n\nPalo Alto is not aware of any malicious exploitation of the vulnerability, although working exploits exist [2].\n\n# Technical details\n\n`CVE-2021-3064` is a memory corruption vulnerability in Palo Alto Networks GlobalProtect portal and gateway interfaces. It could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue [1].\n\nOnly PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled are vulnerable.\n\n# Products affected\n\nThis issue impacts `PAN-OS 8.1` versions earlier than `PAN-OS 8.1.17` [1].\n\n# Recommendations\n\nCERT-EU strongly recommends updating or upgrading affected versions of PAN-OS to a non-vulnerable version.\n\n## Mitigations\n\nPalo Alto recommends enabling signatures for Unique Threat IDs `91820` and `91855` on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against `CVE-2021-3064` [1]. No SSL decryption is required for detection.\n\n# References\n\n[1] <https://security.paloaltonetworks.com/CVE-2021-3064>\n\n[2] <https://threatpost.com/massive-zero-day-hole-found-in-palo-alto-security-appliances/176170/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>11/11/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On November 10, Palo Alto issued an advisory about a critical vulnerability, named <code>CVE-2021-3064</code> and scored 9.8 out of 10, affecting some versions of its security appliances running PAN-OS [1].</p><p>Palo Alto is not aware of any malicious exploitation of the vulnerability, although working exploits exist [2].</p><h2 id=\"technical-details\">Technical details</h2><p><code>CVE-2021-3064</code> is a memory corruption vulnerability in Palo Alto Networks GlobalProtect portal and gateway interfaces. It could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue [1].</p><p>Only PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled are vulnerable.</p><h2 id=\"products-affected\">Products affected</h2><p>This issue impacts <code>PAN-OS 8.1</code> versions earlier than <code>PAN-OS 8.1.17</code> [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating or upgrading affected versions of PAN-OS to a non-vulnerable version.</p><h3 id=\"mitigations\">Mitigations</h3><p>Palo Alto recommends enabling signatures for Unique Threat IDs <code>91820</code> and <code>91855</code> on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against <code>CVE-2021-3064</code> [1]. No SSL decryption is required for detection.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://security.paloaltonetworks.com/CVE-2021-3064\">https://security.paloaltonetworks.com/CVE-2021-3064</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://threatpost.com/massive-zero-day-hole-found-in-palo-alto-security-appliances/176170/\">https://threatpost.com/massive-zero-day-hole-found-in-palo-alto-security-appliances/176170/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}