Advisory November 11, 2021

CVE-2021-3064: Zero-Day Hole Found in Palo Alto Security Appliances

Obrela SOC

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue.

Palo Alto Network claims that the number of affected devices is close to 10.000.

Severity: 9.8 (Critical)

Affected version: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17


This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.

While organizations plan for the software upgrade, they can enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064. It is not necessary to enable SSL decryption to detect and block attacks against this issue.