CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication
Description
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication.
This issue impacts:
PAN-OS 8.1 versions earlier than PAN-OS 8.1.20;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.9;
PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| PAN-OS 10.1 | None | 10.1.* |
| PAN-OS 10.0 | < 10.0.1 | >= 10.0.1 |
| PAN-OS 9.1 | < 9.1.9 | >= 9.1.9 |
| PAN-OS 9.0 | < 9.0.14 | >= 9.0.14 |
| PAN-OS 8.1 | < 8.1.20 | >= 8.1.20 |
| Prisma Access 2.2 | None | all |
| Prisma Access 2.1 | Preferred | Innovation |
Required Configuration for Exposure
This issue is applicable only to PAN-OS firewall configurations with the Clientless VPN feature and SAML authentication enabled for GlobalProtect Portal.
Severity: HIGH
CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
Solution
This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.1, and all later PAN-OS versions.
This issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions.
Workarounds and Mitigations
Enable signatures for Unique Threat ID 91585 on traffic processed by the firewall to block attacks against CVE-2021-3056.