CVE-2021-3038

Published: Apr 20, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: psirt@paloaltonetworks.com (Secondary)

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.

Affected (2)

Products: Paloaltonetworks: Globalprotect

Paloaltonetworks

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Globalprotect	From 5.1.0 to 5.1.8
Paloaltonetworks Globalprotect	From 5.2.0 to 5.2.4

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Uncaught Exception

An exception is thrown from a function, but it is not caught.

References (2)

https://security.paloaltonetworks.com/CVE-2021-3038

Source: psirt@paloaltonetworks.com

Vendor Advisory

https://security.paloaltonetworks.com/CVE-2021-3038

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.