Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3057

A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.

Published

2021-10-13T16:15:07.783

Last Modified

2024-11-21T06:20:52.090

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application paloaltonetworks globalprotect ≤ 5.0.8 Yes
Application paloaltonetworks globalprotect ≤ 5.0.9 Yes
Application paloaltonetworks globalprotect ≤ 5.0.10 Yes
Application paloaltonetworks globalprotect ≤ 5.1.1 Yes
Application paloaltonetworks globalprotect ≤ 5.1.1 Yes
Application paloaltonetworks globalprotect < 5.1.9 Yes
Application paloaltonetworks globalprotect ≤ 5.1.4 Yes
Application paloaltonetworks globalprotect < 5.2.8 Yes
Application paloaltonetworks globalprotect < 5.2.8 Yes
Application paloaltonetworks globalprotect < 5.2.8 Yes
Application paloaltonetworks globalprotect < 5.2.8 Yes
Application paloaltonetworks globalprotect < 5.3.1 Yes
Application paloaltonetworks globalprotect 5.0 Yes
References