A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges.
The issue affects multiple versions of PAN-OS 8.1 prior to 8.1.17, and Randori said it found numerous vulnerable instances exposed on internet-facing assets, in excess of 70,000 assets.
Technical details related to CVE-2021-3064 have been withheld for 30 days to prevent threat actors from abusing the vulnerability to stage real-world attacks.
"The vulnerability chain consists of a method for bypassing validations made by an external web server known as HTTP smuggling and a stack-based buffer overflow," Randori researchers said.
Randori exploited Palo Alto Networks PA-5220, including PAN-OS 8.1.16 and PAN-OS 8.1.15.
"A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges," Palo Alto Networks said in an independent advisory.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
