TT-CSIRT-399.10.11.21: Critical Vulnerability in Palo Alto GlobalProtect Portal

TT-CSIRT-399.10.11.21: Critical Vulnerability in Palo Alto GlobalProtect Portal

A critical (9.8/10) memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

TT-CSIRT encourages administrators to review the following release from Palo Alto and apply the necessary patched immediately: https://security.paloaltonetworks.com/CVE-2021-3064