Palo Alto Networks has issued an urgent alert on a remote code execution vulnerability in its GlobalProtect portal and gateway interfaces, warning that network-based exploits with root rights are trivial to start.
Palo Alto Networks, based in Santa Clara, California, claimed the flaw can be used by an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root capabilities.
The CVE-2021-3064 vulnerability was given a severe severity rating by the business, which said that an attacker would need network access to the GlobalProtect interface to exploit it.
The problem affects PAN-OS 8.1 versions prior to PAN-OS 8.1.17, according to Palo Alto. Enterprise users running PAN-OS 8.1.17 and subsequent PAN-OS versions have received high-priority fixes.
The company claimed it was not aware of any malicious exploits of the vulnerability, although it did acknowledge that attack surface management firm Randori had included successful exploits in its red-teaming software.
The issue affects PAN firewalls employing the GlobalProtect Portal VPN, according to a vulnerability report from the Randori Attack Team, and allows for unauthenticated remote code execution on susceptible installations of the product.
“Our team was able to acquire a shell on the target, access important configuration data, and extract credentials, among other things.” “Once an attacker gains control of the firewall, they gain visibility into the internal network and can move laterally,” Randori explained.
For the next 30 days, Palo Alto Networks is withholding technical details about the vulnerability so that customers can implement available remedies.
