CVE-2021-3057 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3057 PUBLISHED CVSS 8.100000381469727 HIGH

A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.

EPSS 1.08% · 77.7th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.08%

77.7th percentile

Affected Products

Vendor	Product	Versions
paloaltonetworks	globalprotect	5.0, 5.2, 5.2
Palo Alto Networks	GlobalProtect App	5.2, 5.3, 5.2

Timeline

Oct 13, 2021 CVE Published
Oct 14, 2021 EPSS Score
Dec 9, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 3, 2022 EPSS Score
Mar 31, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 26, 2022 EPSS Score
Jul 21, 2022 EPSS Score
Sep 15, 2022 EPSS Score
Nov 10, 2022 EPSS Score
Jan 5, 2023 EPSS Score

References

Open in Interactive Console →