Technical Analysis: CVE-2021-3064

Join Us on December 14 at 11am PT/2pm ET:

On Wednesday, November 10th, Randori released details about an exploitable zero day we found in Palo Alto’s GlobalProtect firewall. The vulnerability allowed for unauthenticated remote code execution (RCE) on multiple versions of PAN-OS 8.1 prior to 8.1.17. Randori believes there were more than 70,000 vulnerable instances exposed on internet-facing assets. 

Exploitation yields remote code execution under the privileges of the affected component on the firewall device. If an attacker successfully exploits this vulnerability, they gain a shell on the affected target, access sensitive configuration data, extract credentials, and more. Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally.

We coordinated a disclosure with Palo Alto for the safety of their customers, and they issued a security advisory and released a patch for the vulnerability simultaneously. Palo Alto gave the CVE a 9.8 rating on the CVSS scale (CVE-2021-3064). The Randori Attack Team developed a reliable working exploit and leveraged the capability as part of Randori’s continuous and automated red team platform. As part of this announcement, we unveiled to the world that to deliver on our promised value to our customers, we procure zero days, weaponize them, and use them against our customers when authorized.

Join us on December 14 when Randori does a technical deep dive on this 0-day announcement.

 
