What is CVE-2021-3063?

CVE-2021-3063 is a vulnerability that exists in Palo Alto Networks GlobalProtect portal and gateway interfaces, allowing an unauthenticated attacker to send specially crafted traffic that causes the service to stop responding.

What is the severity of CVE-2021-3063?

CVE-2021-3063 has a severity rating of 7.5, which is considered high.

How does CVE-2021-3063 affect Palo Alto Networks Pan-OS?

CVE-2021-3063 affects Palo Alto Networks Pan-OS version 8.1.0 to 8.1.21, 9.0.0 to 9.0.14, 9.1.0 to 9.1.11, 10.0.0 to 10.0.8, and 10.1.0 to 10.1.3.

Is authentication required for exploiting CVE-2021-3063?

No, CVE-2021-3063 can be exploited by an unauthenticated network-based attacker.

Where can I find more information about CVE-2021-3063?

More information about CVE-2021-3063 can be found at the following URL: https://security.paloaltonetworks.com/CVE-2021-3063

Vulnerability/
CVE-2021-3063

high

7.5

CWE

755

10/11/2021

3/8/2024

CVE-2021-3063: PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces

First published: Wed Nov 10 2021(Updated: )

An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers are not impacted by this issue.

Credit: psirt@paloaltonetworks.com

Affected Software	Affected Version	How to fix
Paloaltonetworks Pan-os	>=8.1.0<8.1.21
Paloaltonetworks Pan-os	>=9.0.0<=9.0.14
Paloaltonetworks Pan-os	>=9.1.0<=9.1.11
Paloaltonetworks Pan-os	>=10.0.0<=10.0.8
Paloaltonetworks Pan-os	>=10.1.0<10.1.3

Remedy

This issue is fixed in PAN-OS 8.1.21, PAN-OS 9.0.14-h4, PAN-OS 9.1.11-h3, PAN-OS 10.0.8-h4, PAN-OS 10.1.3, and all later PAN-OS versions.

Never miss a vulnerability like this again

Reference Links

https://security.paloaltonetworks.com/CVE-2021-3063

Frequently Asked Questions

What is CVE-2021-3063?
CVE-2021-3063 is a vulnerability that exists in Palo Alto Networks GlobalProtect portal and gateway interfaces, allowing an unauthenticated attacker to send specially crafted traffic that causes the service to stop responding.
What is the severity of CVE-2021-3063?
CVE-2021-3063 has a severity rating of 7.5, which is considered high.
How does CVE-2021-3063 affect Palo Alto Networks Pan-OS?
CVE-2021-3063 affects Palo Alto Networks Pan-OS version 8.1.0 to 8.1.21, 9.0.0 to 9.0.14, 9.1.0 to 9.1.11, 10.0.0 to 10.0.8, and 10.1.0 to 10.1.3.
Is authentication required for exploiting CVE-2021-3063?
No, CVE-2021-3063 can be exploited by an unauthenticated network-based attacker.
Where can I find more information about CVE-2021-3063?
More information about CVE-2021-3063 can be found at the following URL: https://security.paloaltonetworks.com/CVE-2021-3063

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/weakness
agent/references
agent/remedy
agent/title
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/paloaltonetworks
canonical/paloaltonetworks pan-os
version/paloaltonetworks pan-os/8.1.0
version/paloaltonetworks pan-os/9.0.0
version/paloaltonetworks pan-os/9.0.14
version/paloaltonetworks pan-os/9.1.0
version/paloaltonetworks pan-os/9.1.11
version/paloaltonetworks pan-os/10.0.0
version/paloaltonetworks pan-os/10.0.8
version/paloaltonetworks pan-os/10.1.0