{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "5.1.8", "status": "unaffected"}], "lessThan": "5.1.8", "status": "affected", "version": "5.1", "versionType": "custom"}, {"changes": [{"at": "5.2.4", "status": "unaffected"}], "lessThan": "5.2.4", "status": "affected", "version": "5.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue."}], "datePublic": "2021-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-248", "description": "CWE-248 Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-20T03:15:18", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}], "solutions": [{"lang": "en", "value": "This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions."}], "source": {"defect": ["GPC-10983"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-04-14T00:00:00", "value": "Initial publication"}], "title": "GlobalProtect App: Windows VPN kernel driver denial of service (DoS)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-04-14T16:00:00.000Z", "ID": "CVE-2021-3038", "STATE": "PUBLIC", "TITLE": "GlobalProtect App: Windows VPN kernel driver denial of service (DoS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GlobalProtect App", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "5.1", "version_value": "5.1.8"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "5.1", "version_value": "5.1.8"}, {"platform": "Windows", "version_affected": "<", "version_name": "5.2", "version_value": "5.2.4"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "5.2", "version_value": "5.2.4"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}, {"description": [{"lang": "eng", "value": "CWE-248 Uncaught Exception"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3038", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions."}], "source": {"defect": ["GPC-10983"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-04-14T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false, "x_affectedList": ["GlobalProtect App 5.2.3", "GlobalProtect App 5.2.2", "GlobalProtect App 5.2.1", "GlobalProtect App 5.2.0", "GlobalProtect App 5.2", "GlobalProtect App 5.1.7", "GlobalProtect App 5.1.6", "GlobalProtect App 5.1.5", "GlobalProtect App 5.1.4", "GlobalProtect App 5.1.3", "GlobalProtect App 5.1.1", "GlobalProtect App 5.1.0", "GlobalProtect App 5.1"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:50.745Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3038", "datePublished": "2021-04-20T03:15:18.565071Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-16T17:49:11.570Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F9DF37EB-CA9A-43AF-9291-9DE99330E9AC", "versionEndExcluding": "5.1.8", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DD74EA32-59A1-41A3-9445-E886CA324C5A", "versionEndExcluding": "5.2.4", "versionStartIncluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4."}, {"lang": "es", "value": "Una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la aplicaci\u00f3n Palo Alto Networks GlobalProtect en sistemas Windows, permite a un usuario limitado de Windows enviar informaci\u00f3n espec\u00edficamente dise\u00f1ada a la aplicaci\u00f3n GlobalProtect que resulta en un error de pantalla azul de finalizaci\u00f3n (BSOD) de Windows.&#xa0;Este problema afecta a: la aplicaci\u00f3n GlobalProtect versiones 5.1 anteriores a la aplicaci\u00f3n GlobalProtect versi\u00f3n 5.1.8;&#xa0;la aplicaci\u00f3n GlobalProtect versiones 5.2 anteriores a la aplicaci\u00f3n GlobalProtect versi\u00f3n 5.2.4"}], "id": "CVE-2021-3038", "lastModified": "2024-11-21T06:20:48.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2021-04-20T04:15:12.840", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-248"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}