CVE-2021-3056: 
PAN-OS vulnerability analysis and mitigation

CVE-2021-3056 is a memory corruption vulnerability discovered in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN that was disclosed on November 10, 2021. The vulnerability enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. The affected versions include PAN-OS 8.1 versions earlier than 8.1.20, PAN-OS 9.0 versions earlier than 9.0.14, PAN-OS 9.1 versions earlier than 9.1.9, PAN-OS 10.0 versions earlier than 10.0.1, and Prisma Access 2.1 Preferred firewalls (Palo Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-120 (Buffer Overflow) and only affects PAN-OS firewall configurations with the Clientless VPN feature and SAML authentication enabled for GlobalProtect Portal (Palo Advisory, NVD).

If exploited, this vulnerability allows an authenticated attacker to execute arbitrary code with root user privileges, potentially leading to complete system compromise. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as HIGH impact according to the CVSS scoring (Palo Advisory).

The vulnerability has been fixed in PAN-OS versions 8.1.20, 9.0.14, 9.1.9, 10.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 2.2 and later versions. As a workaround, administrators can enable signatures for Unique Threat ID 91585 on traffic processed by the firewall to block attacks against this vulnerability (Palo Advisory).