1. Home
  2. CVE Database
  3. CVE-2021-3064
CRITICAL · 9.8

CVE-2021-3064

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potent...

Vulnerability Description

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
PaloaltonetworksPan-Os>= 8.1.0, < 8.1.17

Related Weaknesses (CWE)

CWE-121CWE-787

References

FAQ

What is CVE-2021-3064?

CVE-2021-3064 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potent...

How severe is CVE-2021-3064?

CVE-2021-3064 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-3064?

Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Pan-Os.