阿里云漏洞库

漏洞描述

An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://security.paloaltonetworks.com/CVE-2021-3062

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	paloaltonetworks	vm-series_firewall	-	-
	运行在以下环境
	系统	fedora_33	chromium	*		Up to (excluding) 94.0.4606.61-1.fc33
	运行在以下环境
	系统	fedora_34	chromium	*		Up to (excluding) 94.0.4606.61-1.fc34
	运行在以下环境
	系统	fedora_35	chromium	*		Up to (excluding) 94.0.4606.61-1.fc35
	运行在以下环境
	系统	fedora_EPEL_8	chromium	*		Up to (excluding) 94.0.4606.61-1.el8
	运行在以下环境
	系统	opensuse_Leap_15.2	opera	*		Up to (excluding) 79.0.4143.22-lp153.2.18.1
	运行在以下环境
	系统	opensuse_Leap_15.3	opera	*		Up to (excluding) 79.0.4143.50-lp153.2.21.1
	运行在以下环境
	系统	opensuse_Leap_15.4	opera	*		Up to (excluding) 85.0.4341.28-lp154.2.5.1
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 10.0.0	Up to (excluding) 10.0.8
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 8.1.0	Up to (excluding) 8.1.20
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 9.0.0	Up to (excluding) 9.0.14
	运行在以下环境
	系统	paloaltonetworks	pan-os	*	From (including) 9.1.0	Up to (excluding) 9.1.11

攻击路径

网络
攻击复杂度

低
权限要求

低
影响范围

未更改
用户交互

无
可用性

无
保密性

高
完整性

高

CWE-ID	漏洞类型
CWE-863	授权机制不正确
NVD-CWE-Other

paloaltonetworks pan-os 授权机制不正确

漏洞描述

解决建议

参考链接

受影响软件情况