Improper access control in Palo Alto PAN-OS

#VU58112 Improper access control in Palo Alto PAN-OS

Published: 2021-11-11

Vulnerability identifier: #VU58112

Vulnerability risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3062

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Palo Alto PAN-OS
Operating systems & Components / Operating system

Vendor: Palo Alto Networks, Inc.

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user with access to GlobalProtect portals and gateways can connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS.

Note, the vulnerability affects PAN-OS deployment on VM-Series.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 10.0.0 - 10.0.7, 9.1 - 9.1.10, 9.0 - 9.0.13, 8.1 - 8.1.19

External links
http://security.paloaltonetworks.com/CVE-2021-3062

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper access control in PAN-OS GlobalProtect