Software vulnerabilities affecting network companies are not uncommon and are usually patched quickly to avoid compromising the substantial business customer base. The successful exploitation of a vulnerability like this can potentially lead to the complete compromise of an unpatched system running the GlobalProtect Clientless VPN application. This means that a large number of enterprise customers and clients can potentially be breached or compromised by a remote attacker if they do not update to the latest patch.
About GlobalProtect Clientless VPN
GlobalProtect Clientless VPN is Palo Alto Networks’ secure remote access solution for enterprise web applications. A clientless secure SSL VPN (Virtual Private Network) does not require an application to function. Palo Alto Networks states that its GlobalProtect Clientless VPN, “is useful when you need to enable partner or contractor access to applications, and safely enable unmanaged assets, including personal endpoints.” It is a cross-platform, multi-browser enterprise security solution.
Buffer Overflow Vulnerability
The Palo Alto Networks Security Advisory concerning CVE-2021-3056 in PAN-OS is a Buffer overflow security flaw that is one of the common software vulnerabilities affecting many others. The advisory confirms that a memory corruption vulnerability, “enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication.” A buffer overflow vulnerability is one of the most common types of security flaws afflicting both legacy and new products in the software industry. By overflowing (overloading) the memory buffer, a remote attacker can then execute malicious code. This type of flaw is also known to be popularly sought out amongst cybercriminals.
In-Depth Analysis
The software vulnerability allows a remote attacker to execute arbitrary code on the target system and exists due to a boundary error in the PAN-OS GlobalProtect Clientless VPN during SAML authentication. A remote attacker can send specially crafted requests to the system, trigger memory corruption and execute arbitrary code with root privileges. Successful exploitation of this vulnerability may result in the complete compromise of an unpatched system.
Vulnerable Software Versions
The following versions of Palo Alto PAN-OS are vulnerable; Palo Alto PAN-OS: 8.1, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.4-h2, 8.1.5, 8.1.6, 8.1.6-h2, 8.1.7, 8.1.8, 8.1.8-h4, 8.1.8-h5, 8.1.9, 8.1.9-h4, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.1.14-h2, 8.1.15, 8.1.15-h3, 8.1.16, 8.1.17, 8.1.18, 8.1.19, 9.0, 9.0.0, 9.0.1, 9.0.2, 9.0.2-h4, 9.0.3, 9.0.3-h2, 9.0.3 h3, 9.0.4, 9.0.5, 9.0.5-h3, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.9-h1, 9.0.10, 9.0.11, 9.0.12, 9.0.13, 9.1, 9.1.0, 9.1.1, 9.1.2, 9.1.2-h1, 9.1.3, 9.1.3-h1, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 10.0.0
Important User Information
Users and administrators will be delighted to know that a patch has been released that closes any risky security holes in the above versions of the software. The issue has been fixed in; “PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.1, and all later PAN-OS versions.” Palo Alto Networks has confirmed that they are, “not aware of any malicious exploitation of this issue” at this time.