PT-2021-18773 · Palo Alto Networks · Globalprotect

Tomas Rzepka · Published 2021-10-13 · Updated 2021-10-20 · CVE-2021-3057

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks GlobalProtect app versions earlier than 5.1.9 on Windows
Palo Alto Networks GlobalProtect app versions earlier than 5.2.8 on Windows
Palo Alto Networks GlobalProtect app versions earlier than 5.2.8 on the Universal Windows Platform
Palo Alto Networks GlobalProtect app versions earlier than 5.3.1 on Linux

Description

A stack-based buffer overflow issue exists in the GlobalProtect app, allowing a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges.

Recommendations

For versions earlier than 5.1.9 on Windows, update to version 5.1.9 or later.
For versions earlier than 5.2.8 on Windows, update to version 5.2.8 or later.
For versions earlier than 5.2.8 on the Universal Windows Platform, update to version 5.2.8 or later.
For versions earlier than 5.3.1 on Linux, update to version 5.3.1 or later.

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-3057

Affected Products

Globalprotect