A Zero-Day vulnerability has been identified by the Massachusetts-based cybersecurity firm Randori in Palo Alto Networks firewalls using GlobalProtect VPN.
This Zero-Day flaw could be exploited by an unauthorized attacker to execute arbitrary code remotely on vulnerable devices with superuser privileges. This Zero-Day bug was tracked as CVE-2021-3064 scored 9.8 on the CVSS and affects the PAN-OS 8.1 and earlier than PAN-OS 8.1.17.
While the security firm Randori has also found many vulnerable instances that are exposed on internet-facing assets, in plenty of 10,000 assets.
The CVE-2021-3064 is a barrier overflow that generally befalls while parsing user-supplied input within a fixed-length location on the pipe.
However, without using the HTTP smuggling method, it’s quite difficult to get the problematic code. And that’s why here the affected product is a VPN portal.
This port is generally accessible over the Internet, and exploitation is difficult, but at the same, it is possible on devices with ASLR enabled.
The Randori Attack team strongly exploited the following systems along with GlobalProtect allowed and accessible:-
Here are the timelines that we have mentioned below:-
All the affected organizations must apply the patches that have been implemented by PAN. Not only this but one should always go for the best methods that are supported for any Internet-facing assets, that include:-
Moreover, to successfully exploit the vulnerability, the threat actors must use a technique named HTTP Request Smuggling and have network access to the device by port 443 of the GlobalProtect service.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.
Password spraying is a technique hackers often take advantage of because it enables them to…
GitLab has announced the release of updated versions for both its Community Edition (CE) and…
Splunk Inc. has disclosed two significant vulnerabilities within its software suite, posing a considerable risk…
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers,…
Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple…