A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges.
Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Massachusetts-based cybersecurity firm Randori has been credited with discovering and reporting the issue.
“The vulnerability chain consists of a way for bypassing validations made by an external web server (HTTP smuggling) and a stack-based buffer overflow,” Randori researchers said. “Exploitation of the vulnerability chain has been confirmed and allows for remote code execution on both physical and virtual firewall products.”
Technical details related to CVE-2021-3064 have been withheld for 30 days to prevent threat actors from abusing the vulnerability to stage real-world attacks.
The security bug stems from a buffer overflow that occurs while parsing user-supplied input. Successful exploitation of the flaw requires that the attacker chain it with a technique known as HTTP smuggling to achieve remote code execution on the VPN installations, and also have network access to the device on the GlobalProtect service default port 443.
“A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that allows an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges,” Palo Alto Networks said in an independent advisory. “The attacker must have network access to the GlobalProtect interface to exploit this issue.”
In light of the fact that VPN devices are lucrative targets for malicious actors, it is highly recommended that users move quickly to patch the vulnerability. As a workaround, Palo Alto Networks is advising affected organizations to enable threat signatures for identifiers 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to prevent any potential attacks against CVE-2021-3064.
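To act on the affected range given above (PAN-OS 8.1 releases earlier than 8.1.17), the following added example, which is not from the article, Randori or Palo Alto Networks, triages a firewall inventory and lists GlobalProtect-facing affected hosts first. The CSV column names, hostnames and sample rows are assumptions constructed for illustration, as is the handling of `-hN` hotfix suffixes as part of their maintenance release.

```python
import csv
import io
import re

# Affected range as stated in the article: PAN-OS 8.1 releases before 8.1.17.
AFFECTED_TRAIN = (8, 1)
FIRST_UNAFFECTED_MAINT = 17

# PAN-OS release strings such as "8.1.16" or "8.1.16-h1" (hotfix suffix).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version):
    """Classify one PAN-OS version string against the article's range."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"  # never treat an unreadable version as safe
    major, minor, maint = (int(g) for g in m.groups())
    if (major, minor) != AFFECTED_TRAIN:
        return "other-train"  # the article only names the 8.1 train
    # A hotfix suffix stays within its maintenance release, so it is ignored.
    return "affected" if maint < FIRST_UNAFFECTED_MAINT else "not-affected"


def triage(inventory_csv):
    """Return (hostname, status) pairs, GlobalProtect-facing affected hosts first."""
    rows = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["sw_version"])
        if status == "affected" and row["globalprotect"].strip().lower() == "yes":
            status = "affected-globalprotect"  # interface named in the advisory
        rows.append((row["hostname"], status))
    order = ["affected-globalprotect", "affected", "unparsed",
             "other-train", "not-affected"]
    return sorted(rows, key=lambda r: order.index(r[1]))


# Constructed sample inventory (hostnames and column names are hypothetical).
SAMPLE = """hostname,sw_version,globalprotect
fw-dc-01,8.1.17,yes
fw-edge-01,8.1.16,no
fw-edge-02,8.1.16-h1,yes
fw-dc-02,9.1.11,yes
fw-lab-01,8.1.x,no
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:12} {status}")
```

Hosts reported as `unparsed` or `other-train` need a manual check against the vendor advisory, since the article states only the 8.1 range.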