You can now find Cyber Kendra on Google News | Telegram


ZeroDay Vulnerability in Palo Alto Networks Firewalls Allows RCE

This critical RCE was rated at 9.8 on the CVSS scale and affects PAN-OS versions from 8.1. until 8.1.17.

A vulnerability has been identified in Palo Alto Networks firewalls using GlobalProtect VPN that could be exploited by an unauthorized attacker to execute arbitrary code on vulnerable devices with superuser privileges.

Issue (CVE-2021-3064) scored 9.8 on the CVSS scale and affects PAN-OS versions from 8.1. until 8.1.17.

“The chain of vulnerabilities consists of a method to bypass checks made by an external web server and a stack-based buffer overflow. The use of a chain of vulnerabilities has been proven and allows you to remotely execute code on both physical and virtual firewalls, ”explained the experts from the information security firm Randori, who discovered the vulnerability.

The vulnerability is related to a buffer overflow that occurs when parsing user input. To successfully exploit the vulnerability, an attacker must use a method called HTTP Request Smuggling and have network access to the device through port 443 of the GlobalProtect service.

Users are strongly encouraged to fix the vulnerability as soon as possible. As a mitigation measure, Palo Alto Networks recommends enabling threat signatures for IDs 91820 and 91855 in traffic destined for the GlobalProtect portal and gateway interfaces.

Technical details of CVE-2021-3064 will not be released for 30 days to prevent attackers from using the vulnerability to carry out attacks.

HTTP Request Smuggling is based on differences in the processing of data from one or more HTTP devices (cache server, proxy server, firewall, etc.) located between the user and the web server. The HTTP Request Smuggling technique allows for various types of attacks - cache poisoning, session hijacking, cross-site scripting, and also provides the ability to bypass firewall protection.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.