A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. **Work around:** Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064. It is not necessary to enable SSL decryption to detect and block attacks against this issue.
A zero-day vulnerability has been discovered in PAN’s GlobalProtect firewall
Randori discovered Zero-day in Palo Alto’s GlobalProtect Firewall, affecting ~10,000 assets.
The Internet’s Most Tempting Targets
Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN