Operational Defect Database

BugZero updated this defect 83 days ago.

Palo Alto Networks | PAN-164422

( VM-Series firewalls only ) A fix was made to address improper access control that enabled an attacker with authenticated access to GlobalProtect portals and GlobalProtect gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon Web Services (AWS) ( CVE-2021-3062 ).

Last update date:

5/2/2024

Affected products:

Pan OS

Affected releases:

No affected releases provided.

Fixed releases:

9.1.11

8.1.20

Description:

The earliest recollection of this bug is traced back to PAN-OS 8.1.20 - May 02, 2024. This bug is fixed in PAN-OS versions 9.1.11, 8.1.20. ( VM-Series firewalls only ) A fix was made to address improper access control that enabled an attacker with authenticated access to GlobalProtect portals and GlobalProtect gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon Web Services (AWS) ( CVE-2021-3062 ). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-20-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-11-addressed-issues

Additional Resources / Links

Share:

BugZero® Risk Score

What's this?

Coming soon

Status

Addressed

Learn More

Search:

...