Massive Zero-Day Hole Found in Palo Alto Security Appliances

Researchers have developed a way to achieve high-risk remote code execution (RCE) on a security appliance from Palo Alto Networks (PAN), which could leave 10,000 vulnerable firewalls exposed on the Internet.

The critical zero-day, tracked as CVE-2021-3064 with a CVSS severity rating of 9.8 out of 10, is in PAN's GlobalProtect firewall. It allows unauthorized RCE in most versions of PAN-OS 8.1 prior to 8.1.17, on both physical and virtual firewalls.

PAN's updates also cover versions 9.0 and 9.1, but according to Randori's research, those versions are not affected by this particular CVE. A spokesman told reporters that any updates to non-8.1 versions may not be related to CVE-2021-3064.

Read More: threatpost