Rewterz Threat Advisory – Multiple Microsoft Windows Vulnerabilities
November 11, 2021Rewterz Threat Advisory – CVE-2021-22048 – VMware vCenter Server privilege escalation
November 11, 2021Rewterz Threat Advisory – Multiple Microsoft Windows Vulnerabilities
November 11, 2021Rewterz Threat Advisory – CVE-2021-22048 – VMware vCenter Server privilege escalation
November 11, 2021Severity
High
Analysis Summary
CVE-2021-3064
Palo Alto Networks PAN-OS is vulnerable to a stack-based buffer overflow, caused by a memory corruption flaw in the GlobalProtect portal and gateway interfaces. By sending a specially-crafted HTTP request using HTTP smuggling techniques, a remote attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
Impact
- Remote code execution
- Unauthorized access
Affected Vendors
Palo Alto
Affected Products
- Palo Alto Networks PAN-OS 8.1
- Palo Alto Networks PAN-OS 8.1.16
Remediation
This issue is fixed in PAN-OS 8.1.17 and all later PAN-OS versions.