GlobalProtect App: Windows VPN kernel driver denial of service (DoS)
CVE-2021-3038

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 14 April 2021

Badges

👾 Exploit Exists

Summary

A denial-of-service (DoS) vulnerability in the Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.

Affected Version(s)

GlobalProtect App Windows 5.1 < 5.1.8

GlobalProtect App Windows 5.2 < 5.2.4

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue.