A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges.
Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Massachusetts-based cybersecurity firm Randori has been credited with discovering and reporting the issue.
“The vulnerability chain consists of a strategy for bypassing validations designed by an external web server (HTTP smuggling) and a stack-based buffer overflow,” Randori researchers explained. “Exploitation of the vulnerability chain has been confirmed and allows for remote code execution on both physical and virtual firewall products.”
Technical details related to CVE-2021-3064 have been withheld for 30 days to prevent threat actors from abusing the vulnerability to stage real-world attacks.
The security bug stems from a buffer overflow that occurs while parsing user-supplied input. Successful exploitation of the flaw requires that the attacker chain it with a technique known as HTTP smuggling to achieve remote code execution on the VPN installations, and have network access to the device on the GlobalProtect service default port 443.
“A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that permits an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges,” Palo Alto Networks explained in an independent advisory. “The attacker must have network access to the GlobalProtect interface to exploit this issue.”
Given that VPN devices are valuable targets for malicious actors, it is highly recommended that users move quickly to patch the vulnerability. As a workaround, Palo Alto Networks is advising affected organizations to enable threat signatures for identifiers 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to prevent any potential attacks against CVE-2021-3064.
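To prioritize patching, the affected range stated above (PAN-OS 8.1 earlier than 8.1.17) can be checked against a firewall inventory. The following is an added example, not code from Palo Alto Networks or Randori; the hostnames and version strings are constructed, and the `-hN` hotfix suffix handling and function names are assumptions of this sketch.

```python
import re

# Per the article: PAN-OS 8.1 releases earlier than 8.1.17 are affected.
AFFECTED_BRANCH = (8, 1)
FIRST_FIXED = (8, 1, 17)

# Matches e.g. "8.1.16" or "8.1.15-h3" (hotfix suffix is optional).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance, hotfix) or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def classify(version_text):
    """Return 'affected', 'not_affected' or 'unknown' for CVE-2021-3064."""
    v = parse_panos_version(version_text)
    if v is None:
        return "unknown"  # never treat unparseable data as safe
    if v[:2] != AFFECTED_BRANCH:
        return "not_affected"  # the article lists only the 8.1 branch
    # A hotfix on an older maintenance release does not reach 8.1.17.
    return "affected" if v[:3] < FIRST_FIXED else "not_affected"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "fw-edge-01": "8.1.16",
    "fw-edge-02": "8.1.15-h3",
    "fw-dc-01": "8.1.17",
    "fw-dc-02": "9.0.14",
    "fw-lab-01": "unknown-build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

The check covers the version only; whether a GlobalProtect portal or gateway interface is enabled and reachable on a given device has to be confirmed separately.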
Some parts of this article are sourced from:
thehackernews.com