PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users

CVE-2021-3062

8.1HIGH

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Prisma Access
Vendor: CVE Published:; 10 November 2021

Badges

👾 Exploit Exists

Summary

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.

Affected Version(s)

PAN-OS >= 10.1.*

PAN-OS < 9.1.11

PAN-OS < 8.1.20

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 3, 2024
Risk change from: 8.8 to: 8.1 - (HIGH)
Feb 22, 2024
Initial publication
Nov 10, 2021
Vulnerability published.
Nov 10, 2021
Vulnerability Reserved.
Jan 6, 2021

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Matthew Flanagan of Computer Systems Australia (CSA) for discovering and reporting this issue.