CVE-2021-3057: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2021-3057) was discovered in the Palo Alto Networks GlobalProtect app. The vulnerability was disclosed on October 13, 2021, affecting multiple versions of the GlobalProtect app across different platforms. The affected versions include GlobalProtect app 5.1 versions earlier than 5.1.9 on Windows, GlobalProtect app 5.2 versions earlier than 5.2.8 on Windows and Universal Windows Platform, and GlobalProtect app 5.3 versions earlier than 5.3.1 on Linux (Vendor Advisory).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) with a CVSS v3.1 Base Score of 8.1 (HIGH). The attack vector is network-based (AV:N) with high attack complexity (AC:H), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U) with high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H) (Vendor Advisory).

If successfully exploited, this vulnerability enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. The high CVSS score indicates severe potential consequences for affected systems (Vendor Advisory).

The vulnerability has been fixed in GlobalProtect app versions 5.1.9 (Windows, Universal Windows Platform, Linux, and MacOS), 5.2.8 (Windows, Universal Windows Platform, and MacOS), and 5.3.1 (Linux). There are no known workarounds for this issue, making it critical for affected users to upgrade to the patched versions (Vendor Advisory).