CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication.
This issue impacts:
PAN-OS 8.1 versions earlier than PAN-OS 8.1.20;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.14;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.9;
PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.
|PAN-OS 10.0||< 10.0.1||>= 10.0.1|
|PAN-OS 9.1||< 9.1.9||>= 9.1.9|
|PAN-OS 9.0||< 9.0.14||>= 9.0.14|
|PAN-OS 8.1||< 8.1.20||>= 8.1.20|
|Prisma Access 2.2||None||all|
|Prisma Access 2.1||Preferred||Innovation|
Required Configuration for Exposure
This issue is applicable only to PAN-OS firewall configurations with the Clientless VPN feature and SAML authentication enabled for GlobalProtect Portal.
CVSSv3.1 Base Score:8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.1, and all later PAN-OS versions.
This issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions.
Workarounds and Mitigations
Enable signatures for Unique Threat ID 91585 on traffic processed by the firewall to block attacks against CVE-2021-3056.