Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.
Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving more than 70,000 vulnerable firewalls with their goods exposed to the internet.
The critical zero day, tracked as CVE 2021-3064 and scoring a CVSS rating of 9.8 out of 10 for vulnerability severity, is in PAN’s GlobalProtect firewall. It allows for unauthenticated RCE on multiple versions of PAN-OS 8.1 prior to 8.1.17, on both physical and virtual firewalls.
111021 14:04 UPDATE: The PAN updates cover versions 9.0 and 9.1, but based on Randori’s research, those versions aren’t vulnerable to this particular CVE. A spokesperson told Threatpost that any updates to non-8.1 versions are likely unrelated to CVE 2021-3064.
Randori researchers said in a Wednesday post that if an attacker successfully exploits the weakness, they can gain a shell on the targeted system, access sensitive configuration data, extract credentials and more.
After that, attackers can dance across a targeted organization, they said: “Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally.”
Going by a Shodan search of internet-exposed devices, Randori believes there are “more than 70,000 vulnerable instances exposed on internet-facing assets.”
The Randori Attack Team found the zero day a year ago, developed a working exploit and used it against Randori customers (with authorization) over the past year. Below is the team’s video of the exploit:
See the rest of the article by going HERE.
