A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.
Fixes
Solution
This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.1, and all later PAN-OS versions. This issue is fixed in Prisma Access 2.2 Preferred and all later Prisma Access versions.
Workaround
Enable signatures for Unique Threat ID 91585 on traffic processed by the firewall to block attacks against CVE-2021-3056.
References
https://security.paloaltonetworks.com/CVE-2021-3056

Status: PUBLISHED
Assigner: palo_alto
Published:
Updated: 2024-09-16T20:36:56.323Z
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-3056

Status : Modified
Published: 2021-11-10T17:15:09.553
Modified: 2024-11-21T06:20:51.940
Link: CVE-2021-3056
