Vulnerability Description
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Prisma Access | 2.1 |
| Paloaltonetworks | Pan-Os | >= 8.1.0, <= 8.1.20 |
Related Weaknesses (CWE)
References
- https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/certificate-managemen (Vendor Advisory)
- https://docs.paloaltonetworks.com/prisma/prisma-access/innovation/2-1/prisma-acc (Vendor Advisory)
- https://security.paloaltonetworks.com/CVE-2021-3060 (Vendor Advisory)
FAQ
What is CVE-2021-3060?
CVE-2021-3060 is a vulnerability with a CVSS score of 8.1 (HIGH). An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the fi...
How severe is CVE-2021-3060?
CVE-2021-3060 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3060?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Prisma Access, Paloaltonetworks Pan-Os.