
Palo Alto`s massive zero-day hole

Palo Alto Networks' massive zero-day hole, CVE-2021-3064, carries a CVSS severity score of 9.8 out of 10. The flaw sits in the GlobalProtect portal and gateway interfaces of PAN-OS and allows unauthenticated remote code execution (RCE) on PAN-OS 8.1 versions prior to 8.1.17, on both physical and virtual firewalls. Randori estimates that it leaves roughly 10,000 vulnerable firewalls exposed to the internet. According to Randori's researchers, an attacker who successfully exploits the vulnerability can gain a shell on the targeted system, access sensitive configuration data, extract credentials, and more.


“As the threat from zero-days grows, more and more organizations are asking for realistic ways to prepare for and train against unknown threats, which translates to a need for ethical use of zero-days,” the researchers said in their report. “When a defender is unable to patch a flaw, they must rely on other controls. Real exploits let them validate those controls, and not simply in a contrived manner.”

Randori initially believed that “more than 70,000 vulnerable instances were exposed on internet-facing assets,” a figure based on a Shodan search of internet-exposed devices; the estimate was later revised down to about 10,000. The Randori Attack Team first discovered the vulnerability a year ago, developed a working exploit, and used it in authorized engagements against Randori customers over the past year. Randori coordinated disclosure with Palo Alto Networks, which on Wednesday released an advisory and an update that patches CVE-2021-3064.

CVE-2021-3064 is a stack-based buffer overflow

Randori's research team also provided a short technical analysis of CVE-2021-3064. It is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. The vulnerable code is not reachable directly from the outside: to get to it, the researchers explained, an attacker must first use an HTTP request smuggling technique. HTTP request smuggling exploits a disagreement between two components in the request path (for example, a front-end and the back-end behind it) about where one HTTP request ends and the next begins, so that a single crafted request is processed as two and reaches code that the front-end would otherwise never pass it to. Chained together, the smuggling step and the overflow are what make unauthenticated RCE possible.
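To make the bug class concrete, the following is an added illustration (not PAN-OS code and not from Randori's analysis) of what "parsing user-supplied input into a fixed-length location on the stack" looks like in C, beside a hardened form. The body format, the `name=` key, and the 32-byte buffer size are assumptions chosen for the example; the real vulnerable parser and its field layout are not public on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 32   /* assumed fixed-length stack buffer, the bug class described above */

/* Length of the "name=" value in a form-style body, or -1 if the key is absent.
 * Values end at '&' or a line break. Shared by both parsers below. */
static long value_length(const char *body, const char **start) {
    const char *p = strstr(body, "name=");
    if (!p) return -1;
    p += strlen("name=");
    *start = p;
    return (long)strcspn(p, "&\r\n");
}

/* Vulnerable pattern (illustrative only, not PAN-OS code): the value is copied
 * into a fixed stack buffer without comparing its length to the buffer size.
 * A value of FIELD_MAX bytes or more writes past 'field' into adjacent stack
 * data (saved registers, return address), which is how a parsing bug becomes
 * remote code execution. Never call this with untrusted input. */
int parse_name_vulnerable(const char *body, char *out, size_t out_len) {
    char field[FIELD_MAX];
    const char *p;
    long n = value_length(body, &p);
    if (n < 0) return -1;
    memcpy(field, p, (size_t)n);   /* BUG: no check that n < sizeof field */
    field[n] = '\0';
    snprintf(out, out_len, "%s", field);
    return 0;
}

/* Hardened version: the length is checked before any byte is copied, and an
 * over-long value is rejected outright (not silently truncated), so malformed
 * input can never touch memory outside 'field'. */
int parse_name_safe(const char *body, char *out, size_t out_len) {
    char field[FIELD_MAX];
    const char *p;
    long n = value_length(body, &p);
    if (n < 0) return -1;
    if ((size_t)n >= sizeof field) return -2;   /* would overflow: refuse */
    memcpy(field, p, (size_t)n);
    field[n] = '\0';
    snprintf(out, out_len, "%s", field);
    return 0;
}

/* Returns 1 when the hardened parser accepts 'body' and extracts exactly 'expected'. */
int safe_extracts(const char *body, const char *expected) {
    char out[FIELD_MAX];
    return parse_name_safe(body, out, sizeof out) == 0 && strcmp(out, expected) == 0;
}

/* Builds a constructed request body "user=x&name=AAAA...&v=1" whose value is
 * 'len' bytes long and returns the hardened parser's status for it. */
int safe_status_for_value_length(size_t len) {
    char out[FIELD_MAX];
    const char prefix[] = "user=x&name=";
    char *body = malloc(len + sizeof prefix + 8);
    if (!body) return -99;
    strcpy(body, prefix);
    memset(body + strlen(prefix), 'A', len);
    strcpy(body + strlen(prefix) + len, "&v=1");
    int rc = parse_name_safe(body, out, sizeof out);
    free(body);
    return rc;
}

int main(void) {
    char out[FIELD_MAX];
    /* Constructed sample input; short enough to be safe for either parser. */
    parse_name_vulnerable("user=alice&name=bob&v=1", out, sizeof out);
    printf("vulnerable parser on short value: %s\n", out);
    printf("hardened parser on 31-byte value: %d\n", safe_status_for_value_length(31));
    printf("hardened parser on 200-byte value: %d\n", safe_status_for_value_length(200));
    /* parse_name_vulnerable on the 200-byte body would overwrite the stack frame; not run. */
    return 0;
}
```

The only difference between the two parsers is the single length check before `memcpy`; everything else, including the front-end filtering that smuggling is used to bypass, is outside the parser and cannot substitute for that check.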

Beyond applying the PAN-OS 8.1.17 update, Randori offered the following recommendations for Palo Alto Networks customers on how to mitigate the threat:

  • Monitor logs and alerts from the device;
  • Limit the origin IPs allowed to connect to the services;
  • If you do not use the GlobalProtect VPN portion of the Palo Alto firewall, disable it;
  • Enable signatures for Unique Threat IDs 91820 and 91855 on traffic destined for GlobalProtect portal and gateway interfaces to block attacks against this vulnerability;
  • Deploy layered controls (such as firewall, WAF, segmentation, and access controls);
  • Disable any unused features.

Andrew Nail

Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure a journalist's job was what I wanted to do in my life, but combined with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people deal with the malware they have on their PCs.
