Palo Alto Networks Security Advisories / CVE-2021-3038

CVE-2021-3038 GlobalProtect App: Windows VPN kernel driver denial of service (DoS)

047910
Severity 5.5 · MEDIUM
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact NONE
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact HIGH

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error.

This issue impacts:

GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8;

GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.

Product Status

VersionsAffectedUnaffected
GlobalProtect App 5.2< 5.2.4 on Windows>= 5.2.4 on Windows
GlobalProtect App 5.1< 5.1.8 on Windows>= 5.1.8 on Windows

Severity: MEDIUM

CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-20 Improper Input Validation

CWE-248 Uncaught Exception

Solution

This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions.

Acknowledgments

Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue.

Timeline

Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.