CVE Vulnerabilities

CVE-2021-3053

Improper Handling of Exceptional Conditions

Published: Sep 08, 2021 | Modified: Sep 15, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Pan-os Paloaltonetworks 8.1.0 (including) 8.1.20 (excluding)
Pan-os Paloaltonetworks 9.0.0 (including) 9.0.14 (excluding)
Pan-os Paloaltonetworks 9.1.0 (including) 9.1.9 (excluding)
Pan-os Paloaltonetworks 10.0.0 (including) 10.0.5 (excluding)

References