The Great Escape Online Community

[Slashdot] - Researchers Wait 12 Months To Report Vulnerability With 9.8 Out of 10 Severity Rating


Admin

About 10,000 enterprise servers running Palo Alto Networks' GlobalProtect VPN are vulnerable to a just-patched buffer overflow bug with a severity rating of 9.8 out of a possible 10.

From a report: Security firm Randori said on Wednesday that it discovered the vulnerability 12 months ago and for most of the time since has been privately using it in its red team products, which help customers test their network defenses against real-world threats. The norm among security professionals is for researchers to privately report high-severity vulnerabilities to vendors as soon as possible rather than hoarding them in secret.

CVE-2021-3064, as the vulnerability is tracked, is a buffer overflow flaw that occurs when parsing user-supplied input in a fixed-length location on the stack. A proof-of-concept exploit Randori researchers developed demonstrates the considerable damage that can result. "Our team was able to gain a shell on the affected target, access sensitive configuration data, extract credentials, and more," researchers from Randori wrote on Wednesday. "Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally."

Over the past few years, hackers have actively exploited vulnerabilities in a raft of enterprise firewalls and VPNs from the likes of Citrix, Microsoft, and Fortinet, government agencies warned earlier this year. Similar enterprise products, including those from Pulse Secure and SonicWall, have also come under attack. Now, Palo Alto Networks' GlobalProtect may be poised to join the list.


Read more of this story at Slashdot.
