Palo Alto Networks · PAN-OS · CVE-2021-3062
**Name of the Vulnerable Software and Affected Versions**
PAN-OS versions 8.1 through 8.1.19
PAN-OS versions 9.0 through 9.0.13
PAN-OS versions 9.1 through 9.1.10
PAN-OS versions 10.0 through 10.0.7
**Description**
An improper access control issue in PAN-OS software allows an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. This enables the attacker to perform any operations allowed by the EC2 role in AWS.
**Recommendations**
For PAN-OS 8.1 versions earlier than 8.1.20, update to version 8.1.20 or later.
For PAN-OS 9.0 versions earlier than 9.0.14, update to version 9.0.14 or later.
For PAN-OS 9.1 versions earlier than 9.1.11, update to version 9.1.11 or later.
For PAN-OS 10.0 versions earlier than 10.0.8, update to version 10.0.8 or later.
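
The version ranges and exposure conditions above can be checked against a firewall inventory. The following is an added example, not code from Palo Alto Networks; the inventory field names and sample hosts are hypothetical, and treating a `-hN` hotfix build of an affected maintenance release as still affected is an assumption.

```python
import re

# First fixed maintenance release per train, from the Recommendations section.
FIXED = {(8, 1): 20, (9, 0): 14, (9, 1): 11, (10, 0): 8}
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-h\d+)?$")


def parse_version(text):
    """Return (major, minor, maintenance); a -hN hotfix suffix is ignored."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def fixed_release(version):
    """Return the upgrade target if version is in a listed affected range.

    None means the version is at or past the fix, or belongs to a train this
    advisory page does not list (the page makes no statement about those).
    """
    major, minor, maint = parse_version(version)
    first_fixed = FIXED.get((major, minor))
    if first_fixed is None or maint >= first_fixed:
        return None
    return f"{major}.{minor}.{first_fixed}"


def triage(inventory):
    """Yield (name, version, target) for firewalls meeting every condition in
    the Description: affected version, VM-Series on AWS, GlobalProtect in use."""
    for fw in inventory:
        target = fixed_release(fw["version"])
        exposed = (fw["model"] == "VM-Series" and fw["cloud"] == "aws"
                   and fw["globalprotect"])
        if target and exposed:
            yield fw["name"], fw["version"], target


# Constructed sample inventory; hosts and field names are hypothetical.
SAMPLE = [
    {"name": "fw-a", "version": "9.0.13-h1", "model": "VM-Series", "cloud": "aws", "globalprotect": True},
    {"name": "fw-b", "version": "10.0.8", "model": "VM-Series", "cloud": "aws", "globalprotect": True},
    {"name": "fw-c", "version": "8.1.19", "model": "PA-Series", "cloud": None, "globalprotect": True},
    {"name": "fw-d", "version": "9.1.10", "model": "VM-Series", "cloud": "aws", "globalprotect": False},
    {"name": "fw-e", "version": "10.0.7", "model": "VM-Series", "cloud": "aws", "globalprotect": True},
]

if __name__ == "__main__":
    for name, version, target in triage(SAMPLE):
        print(f"{name}: {version} -> upgrade to {target} or later")
```

`fixed_release` on its own reports every host that falls in a listed range, including ones `triage` skips because they are not VM-Series on AWS or do not run GlobalProtect.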