CVE-2021-3064

CRITICAL

Palo Alto Networks <8.1.17 - Memory Corruption

Title source: llm

Description

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.

Exploits (1)

nomisec WORKING POC 1 stars

by 0xhaggis · poc

https://github.com/0xhaggis/CVE-2021-3064

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2021-3064

Scores

CVSS v3 9.8

EPSS 0.5311

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

paloaltonetworks/pan-os 8.1.0 - 8.1.17

Published Nov 10, 2021

Tracked Since Feb 18, 2026