NVD

Vulnerability Change Records for CVE-2021-3062

Change History

CVE Modified by Palo Alto Networks, Inc. 11/10/2021 1:15:09 PM

Action

Type

Old Value

New Value

Changed

Description

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS.

Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS.
This issue impacts:
PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls;
PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls.
Prisma Access customers are not impacted by this issue.

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Vulnerability Change Records for CVE-2021-3062

Change History

CVE Modified by Palo Alto Networks, Inc. 11/10/2021 1:15:09 PM