Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

Share on linkedin
Share on facebook
Share on twitter

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges.

Successful exploitation of the flaw necessitates that the attacker strings it with a technique known as HTTP smuggling to achieve remote code execution on the VPN installations, not to mention have network access to the device on the GlobalProtect service default port 443.

“A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges,” Palo Alto Networks said in an independent advisory.

“The attacker must have network access to the GlobalProtect interface to exploit this issue.”

In light of the fact that VPN devices are lucrative targets for malicious actors, it’s highly recommended that users move quickly to patch the vulnerability.

As a workaround, Palo Alto Networks is advising affected organizations to enable threat signatures for identifiers 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to prevent any potential attacks against CVE-2021-3064.

Stay on Top of Cyber Threats!

Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Follow us on Socials:

Recent Cybersecurity News

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency...
Read The Article

Emotet now spreads via fake Adobe Windows App Installer packages

The Emotet malware is now distributed through malicious Windows App Installer packages that...
Read The Article

Critical Wormable Security Flaw Found in Several HP Printer Models

Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers...
Read The Article

Contact a Specialist

Discover why 1,000+ organizations trust our expertise to improve their cybersecurity.

Stay Updated on Cyber Risks!

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.