Buffer overflow in Palo Alto PAN-OS - CVE-2021-3056

 

Buffer overflow in Palo Alto PAN-OS - CVE-2021-3056

Published: November 11, 2021


Vulnerability identifier: #VU58111
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2021-3056
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the PAN-OS GlobalProtect Clientless VPN during SAML authentication. A remote attacker can send specially crafted request to the system, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2021-3056

Install updates from vendor's website.

Sources