Palo Alto Networks Security Advisories / CVE-2021-3038

CVE-2021-3038 GlobalProtect App: Windows VPN kernel driver denial of service (DoS)

Severity: 5.5 · MEDIUM
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Description

A denial-of-service (DoS) vulnerability in the Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error.

This issue impacts:

GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8;

GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.

Product Status

Versions               Affected             Unaffected
GlobalProtect App 5.2  < 5.2.4 on Windows   >= 5.2.4 on Windows
GlobalProtect App 5.1  < 5.1.8 on Windows   >= 5.1.8 on Windows

Severity: MEDIUM

CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-20 Improper Input Validation

CWE-248 Uncaught Exception

Solution

This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions.
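As an added example (not Palo Alto Networks' code), the following Python triage helper encodes the affected and fixed ranges stated in this advisory and classifies an inventory of installed GlobalProtect app versions; the sample hostnames and versions are constructed, and the stripping of a hotfix suffix such as "-h1" is an assumption about version formatting.

```python
"""Triage helper for CVE-2021-3038 (GlobalProtect app for Windows).

Added example, not vendor code. It encodes only the ranges in the advisory:
5.1.x is fixed from 5.1.8 and 5.2.x is fixed from 5.2.4. Any other branch is
reported as "not covered" rather than guessed at.
"""
from typing import Dict, List, Tuple

# (major, minor) branch -> first fixed version, as stated in the advisory.
FIXED_IN: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (5, 1): (5, 1, 8),
    (5, 2): (5, 2, 4),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.2.3' into (5, 2, 3) for numeric comparison.

    Comparing tuples avoids the string-comparison pitfall where '5.2.10'
    sorts before '5.2.4'. A trailing '-h1' style suffix (assumed hotfix
    notation) is ignored because the advisory thresholds are plain dotted
    versions.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def status(version: str) -> str:
    """Return 'affected', 'fixed' or 'not covered' for one installed version."""
    v = parse_version(version)
    threshold = FIXED_IN.get(v[:2])
    if threshold is None:
        return "not covered"  # branch not listed in this advisory
    return "fixed" if v >= threshold else "affected"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by status; inventory is a list of (hostname, version)."""
    report: Dict[str, List[str]] = {"affected": [], "fixed": [], "not covered": []}
    for host, ver in inventory:
        report[status(ver)].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [("WKS-01", "5.1.7"), ("WKS-02", "5.1.8"), ("WKS-03", "5.2.3"),
              ("WKS-04", "5.2.10"), ("WKS-05", "5.0.9")]
    for bucket, hosts in triage(sample).items():
        print(f"{bucket:12} {', '.join(hosts) or '-'}")
```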

Workarounds and Mitigations

Acknowledgments

Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue.

Timeline

Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.