Critical Vulnerability in Palo Alto VPN

3:00pm, 12 November 2021

TLP Rating: Clear

A critical vulnerability (CVE-2021-3064) has been discovered in Palo Alto Networks’ GlobalProtect VPN. It could allow an unauthenticated network-based attacker to execute arbitrary code via the portal or gateway interface.

This vulnerability affects certain Palo Alto Networks Operating System (PAN-OS) products using the GlobalProtect Portal VPN. Technical details released to the vendor suggest that once an attacker has gained control of the device, they are able to access configuration data, extract login details and move laterally within the internal network.

What's happening

Systems affected

Palo Alto firewalls running the 8.1 series of PAN-OS with GlobalProtect enabled (specifically versions prior to 8.1.17).

What this means

Exploitation of this vulnerability could allow an attacker full access to the affected network device.

What to look for

How to tell if you're at risk

Palo Alto Networks firewalls with GlobalProtect enabled and running a version of PAN-OS 8.1 prior to 8.1.17 are at risk of compromise.

PAN-OS 9 and 10 are not affected by this vulnerability.
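
The version check described above, as an added example (not code from CERT NZ or Palo Alto Networks): it classifies a firewall inventory against the advisory's criteria, comparing versions numerically so that 8.1.9 is treated as older than 8.1.17. The CSV layout, hostnames and status labels are constructed for this example.

```python
import csv
import io
import re

FIXED = (8, 1, 17)  # first fixed 8.1 release named in the advisory

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """hostname,sw_version,globalprotect_enabled
fw-akl-01,8.1.16,yes
fw-wlg-01,8.1.17,yes
fw-chc-01,8.1.15-h3,no
fw-dud-01,9.1.11,yes
fw-ham-01,8.1.9-h4,yes
fw-npe-01,unknown,yes
"""

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def parse_version(text):
    """Return (major, minor, maintenance), or None if not recognised.
    A hotfix suffix such as -h3 is ignored: the fix threshold is a base release."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(sw_version, gp_enabled):
    version = parse_version(sw_version)
    if version is None:
        return "review"  # unparseable version string: check by hand
    if version[:2] == (8, 1):
        if version >= FIXED:  # tuple comparison is numeric, not lexical
            return "patched"
        return "at-risk" if gp_enabled else "unpatched-gp-off"
    if version[0] in (9, 10):
        return "not-affected"  # PAN-OS 9 and 10, per the advisory
    return "review"  # release series the advisory does not cover


def assess(inventory_csv):
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        gp = row["globalprotect_enabled"].strip().lower() in ("yes", "true", "1")
        results[row["hostname"]] = classify(row["sw_version"], gp)
    return results


if __name__ == "__main__":
    for host, status in assess(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as "unpatched-gp-off" do not meet the at-risk criteria while GlobalProtect stays disabled, but still need the 8.1.17 upgrade.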

What to do

Prevention

Patch to PAN-OS 8.1.17 as soon as possible.

Mitigation

While planning to patch, apply Threat Prevention signatures 97820 and 91855 released by Palo Alto.

If not using the VPN component of the firewall, disable GlobalProtect.

More information

Palo Alto Networks’ Advisory

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

For media enquiries, email our media desk at certmedia@cert.govt.nz.