9 matches found
Exploit for Stack-based Buffer Overflow in Paloaltonetworks Pan-Os
CVE-2021-3064: Pan-OS Remote Buffer Overflow + HTTP Smuggling...
The Bug Report November 2021 Edition
The Bug Report — November 2021 Edition By Mark Bereza · November 30, 2021 Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report ...
Randori discovered Zero-day in Palo Alto’s GlobalProtect Firewall, affecting ~10,000 assets.
Outline Palo Alto Networks PAN released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and it allows for unauthenticated remote code execution on susceptible...
A zero-day vulnerability has been discovered in PAN’s GlobalProtect firewall
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Palo Alto Networks PAN released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and ...
Palo Alto Networks Release Security Updates for PAN-OS
Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS 8.1.16 and earlier. An unauthenticated attacker wit...
Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN
A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 CVSS score: 9.8, the security weakness impact...
CVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...
CVE-2021-3064
CVE-2021-3064 affects PAN-OS GlobalProtect portal and gateway interfaces on PAN-OS 8.1.x before 8.1.17, causing memory corruption that can lead to unauthenticated remote code execution with root privileges when an attacker can reach the GlobalProtect service port (default 443) over the network. T...
Massive Zero-Day Hole Found in Palo Alto Security Appliances
Researchers have developed a working exploit to gain remote code execution RCE via a massive vulnerability in a security appliance from Palo Alto Networks PAN, potentially leaving 10,000 vulnerable firewalls with their goods exposed to the internet. The critical zero day, tracked as CVE 2021-3064...