← Back

CVE-2021-3057

nvd nist
Published: Oct 13, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: psirt@paloaltonetworks.com (Secondary)

Description

A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.

Affected (13)

Paloaltonetworks
1 product
Globalprotect
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Paloaltonetworks
Globalprotect
From 5.0 to 5.0.8
Globalprotect
From 5.1 to 5.1.1
Globalprotect
From 5.2 to 5.2.8
Globalprotect
From 5.3 to 5.3.1
Globalprotect
From 5.0 to 5.0.9
Globalprotect
From 5.1.0 to 5.1.4
Globalprotect
From 5.2 to 5.2.8
Globalprotect
From 5.1 to 5.1.1
Globalprotect
From 5.2 to 5.2.8
Globalprotect
From 5.0 to 5.0.10
Globalprotect
From 5.1 to 5.1.9
Globalprotect
From 5.2 to 5.2.8
Globalprotect
Version 5.0

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: psirt@paloaltonetworks.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.