TT-CSIRT-399.10.11.21: Critical Vulnerability in Palo Alto GlobalProtect Portal
A critical (9.8/10) memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.
TT-CSIRT encourages administrators to review the following release from Palo Alto and apply the necessary patched immediately: https://security.paloaltonetworks.com/CVE-2021-3064