Workarounds and Mitigations: Enable signatures for Unique Threat IDs 9185 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against CVE-2021-3064. It is not necessary to enable SSL decryption to detect and block attacks against this issue.

Solution: This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.

Weakness Type: CWE-121 Stack-based Buffer Overflow

Exploitation Status: Palo Alto Networks is not aware of any malicious exploitation of this issue.

Severity: CRITICAL
CVSSv3.1 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Duo authentication for Palo Alto GlobalProtect supports push, phone call, or passcode authentication for GlobalProtect desktop and mobile client connections using RADIUS.

This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal or gateway enabled. You can verify whether you have a GlobalProtect portal or gateway configured by checking for entries in 'Network > GlobalProtect > Portals' and in 'Network > GlobalProtect > Gateways' from the web interface.
Prisma Access customers are not impacted by this issue.

Access must be approved before connecting to ISU's network from off-campus. A VPN provides a secure connection to ISU's network from off-campus.

GitHub - yuezk/GlobalProtect-openconnect: A GlobalProtect VPN client (GUI) for Linux, based on OpenConnect and built with Qt5, supports SAML auth mode.
This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17.

A Virtual Private Network (VPN) is used to access many ISU resources, such as Argos, Banner, encrypted machines and licensed software while working from home or traveling for Idaho State University.

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue.