PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage

CVE-2021-3048

5.9MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os
Vendor: CVE Published:; 11 August 2021

Summary

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted.

Affected Version(s)

PAN-OS >= 10.1.*

PAN-OS >= 8.1.*

PAN-OS < 9.0.14

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Initial publication
Aug 11, 2021
Vulnerability published.
Aug 11, 2021
Vulnerability Reserved.
Jan 6, 2021

Collectors

NVD DatabaseMitre Database

Credit

This issue was encountered by some customers of Palo Alto Networks during regular operation.