PT-2021-4800 · Palo Alto Networks · Pan-Os

Matthew Flanagan +1
Published 2021-11-10 · Updated 2022-07-25

CVE-2021-3062
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PAN-OS versions 8.1 through 8.1.19
PAN-OS versions 9.0 through 9.0.13
PAN-OS versions 9.1 through 9.1.10
PAN-OS versions 10.0 through 10.0.7

Description
An improper access control issue in PAN-OS software allows an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint of VM-Series firewalls hosted on Amazon AWS. This enables the attacker to perform any operation permitted by the EC2 role attached to the instance.

Recommendations
For PAN-OS 8.1 versions earlier than 8.1.20, update to version 8.1.20 or later.
For PAN-OS 9.0 versions earlier than 9.0.14, update to version 9.0.14 or later.
For PAN-OS 9.1 versions earlier than 9.1.11, update to version 9.1.11 or later.
For PAN-OS 10.0 versions earlier than 10.0.8, update to version 10.0.8 or later.

Fix

Weakness Enumeration
Improper Access Control
Incorrect Authorization

Related Identifiers
BDU:2021-05525
CVE-2021-3062

Affected Products
Pan-Os