CVE-2021-3057

HIGH

Palo Alto Networks GlobalProtect <5.1.9-5.2.8 - Buffer Overflow

Title source: llm
STIX 2.1

Description

A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2021-3057

Scores

CVSS v3 8.1
EPSS 0.0108
EPSS Percentile 78.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-121 CWE-787
Status published
Products (5)
paloaltonetworks/globalprotect 5.0
paloaltonetworks/globalprotect 5.0 - 5.0.10
paloaltonetworks/globalprotect 5.0 - 5.0.8
paloaltonetworks/globalprotect 5.0 - 5.0.9
paloaltonetworks/globalprotect 5.1 - 5.1.1
Published Oct 13, 2021
Tracked Since Feb 18, 2026