CVE-2021-3054: 
PAN-OS vulnerability analysis and mitigation

CVE-2021-3054 is a time-of-check to time-of-use (TOCTOU) race condition vulnerability discovered in the Palo Alto Networks PAN-OS web interface. The vulnerability was disclosed on September 8, 2021, affecting multiple versions of PAN-OS including 8.1, 9.0, 9.1, 10.0, and 10.1. This vulnerability enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges (Palo Alto Advisory).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367). It received a CVSS v3.1 Base Score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically affects the plugin installation process in the PAN-OS web interface, requiring high privileges but potentially leading to root access (NVD).

If successfully exploited, this vulnerability allows an authenticated administrator to execute arbitrary code with root user privileges. The vulnerability affects multiple versions of PAN-OS: versions earlier than 8.1.20, 9.0.14, 9.1.11, 10.0.7, and 10.1.2. However, it does not affect Prisma Access (Palo Alto Advisory).

Palo Alto Networks has released fixes in PAN-OS versions 8.1.20, 9.0.14, 9.1.11, 10.0.7, 10.1.2, and all later versions. As a workaround, organizations can enable signatures for Unique Threat ID 91572 on traffic processed by the firewall to block attacks. Additionally, following best practices for securing the PAN-OS web interface is recommended (Palo Alto Advisory).