Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPNs/firewalls.
Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving more than 70,000 vulnerable firewalls with their goods exposed to the internet.
The critical zero-day, tracked as CVE-2021-3064 and scoring a CVSS rating of 9.8 out of 10 for vulnerability severity, is in PAN’s GlobalProtect firewall. It allows for unauthenticated RCE on multiple versions of PAN-OS 8.1 prior to 8.1.17, on both physical and virtual firewalls.
Randori researchers said in a Wednesday post that if an attacker successfully exploits the weakness, they can gain a shell on the targeted system, access sensitive configuration data, extract credentials and more.
After that, attackers can dance across a targeted organization, they said: “Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally.”
Going by a Shodan search of internet-exposed devices, Randori