CVE-2021-3038 : Security Advisory and Response

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to trigger a Windows blue screen of death (BSOD) error. This affects versions of GlobalProtect app 5.1 prior to 5.1.8 and 5.2 prior to 5.2.4.

Understanding CVE-2021-3038

This CVE describes a vulnerability in the GlobalProtect Windows VPN kernel driver that could lead to a denial-of-service condition.

What is CVE-2021-3038?

CVE-2021-3038 is a vulnerability in Palo Alto Networks GlobalProtect app for Windows, allowing a specific malicious input to cause a DoS and crash the system, resulting in a BSOD.

The Impact of CVE-2021-3038

The impact of this vulnerability is high availability and a medium base severity, with a CVSS base score of 5.5.

Technical Details of CVE-2021-3038

This section outlines the specifics of the vulnerability, including affected systems, versions, and the exploitation mechanism.

Vulnerability Description

The vulnerability allows a limited Windows user to send specially crafted input to the GlobalProtect app, triggering the BSOD error.

Affected Systems and Versions

GlobalProtect app 5.1 versions before 5.1.8 and 5.2 versions before 5.2.4 are impacted by this vulnerability.

Exploitation Mechanism

There are no known instances of malicious exploitation of this issue by Palo Alto Networks.

Mitigation and Prevention

To address CVE-2021-3038, immediate action should be taken to secure affected systems and prevent exploitation in the future.

Immediate Steps to Take

Update your GlobalProtect app to version 5.1.8 or 5.2.4, or any later versions, where the issue has been fixed.

Long-Term Security Practices

Ensure timely application of security patches and updates to prevent exploitation of known vulnerabilities.

Patching and Updates

To mitigate the risk of exploitation, regularly check for updates and apply them promptly from Palo Alto Networks.