[Vulnerability Advisory] Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2021-3050)

Published: 2021-08-12

0x00 Vulnerability Overview

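CVE ID: CVE-2021-3050
Date: 2021-08-11
Type: Command injection
Severity: High
Remotely exploitable: Yes
Affected scope:
Attack complexity: Low
Availability: High
User interaction: None
Privileges required: Low
PoC/EXP: Public
Exploited in the wild: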

0x01 Vulnerability Details


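PAN-OS is the operating system that Palo Alto Networks develops for its firewall appliances.

On August 11, 2021, Palo Alto Networks published a security advisory fixing a command injection vulnerability in PAN-OS (CVE-2021-3050). The vulnerability has a CVSSv3 score of 8.8.

The vulnerability is in the PAN-OS web interface. An authenticated remote attacker can execute arbitrary system commands and escalate privileges. To exploit it, the attacker needs access to the PAN-OS web interface in order to authenticate.

Palo Alto Networks states that it has not yet observed exploitation of this vulnerability, but an exploit (EXP) for it is public.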

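0x02 Remediation Recommendations

This vulnerability has been fixed. Because it was discovered externally and exploit code is publicly available, affected users are advised to upgrade promptly according to the table below: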

Version        Affected versions    Fixed versions
PAN-OS 10.1    >= 10.1.0            >= 10.1.2
PAN-OS 10.0    >= 10.0.0            >= 10.0.8
PAN-OS 9.1     >= 9.1.4             >= 9.1.11
PAN-OS 9.0     >= 9.0.10            >= 9.0.15
PAN-OS 8.1     None                 8.1.*

Note: Prisma Access firewalls and firewalls running PAN-OS 8.1 are not affected by this vulnerability.

Download link:

https://www.paloaltonetworks.cn/
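
The following Python sketch is an added example, not part of the original advisory or any vendor tooling. It triages a firewall inventory against the version table above, reading each branch as affected from the listed "affected" release up to, but not including, the listed "fixed" release. The inventory hostnames and versions are constructed, and comparing a `-hN` hotfix build as its base maintenance release is an assumption.

```python
import re

# Ranges transcribed from the advisory table: branch -> (first affected, first fixed).
RANGES = {
    (10, 1): ((10, 1, 0), (10, 1, 2)),
    (10, 0): ((10, 0, 0), (10, 0, 8)),
    (9, 1): ((9, 1, 4), (9, 1, 11)),
    (9, 0): ((9, 0, 10), (9, 0, 15)),
}
NOT_AFFECTED_BRANCHES = {(8, 1)}  # the table lists "None" affected for 8.1
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")

def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Z-hN'; a hotfix build counts as its base release (assumption)."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(version):
    """Return 'affected', 'fixed', 'not-affected' or 'unlisted' for one version."""
    parsed = parse_version(version)
    branch = parsed[:2]
    if branch in NOT_AFFECTED_BRANCHES:
        return "not-affected"
    if branch not in RANGES:
        return "unlisted"  # branch absent from the table: consult the vendor advisory
    first_affected, first_fixed = RANGES[branch]
    if parsed >= first_fixed:
        return "fixed"
    return "affected" if parsed >= first_affected else "not-affected"

def report(inventory):
    """Group hostnames by triage result; unparseable versions go under 'error'."""
    groups = {}
    for host, version in sorted(inventory.items()):
        try:
            status = triage(version)
        except ValueError:
            status = "error"
        groups.setdefault(status, []).append(host)
    return groups

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {"fw-edge-01": "10.1.1", "fw-edge-02": "10.1.2", "fw-dc-01": "9.1.8-h3",
             "fw-dc-02": "9.0.9", "fw-lab-01": "8.1.19", "fw-lab-02": "unknown"}

if __name__ == "__main__":
    for status, hosts in sorted(report(INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unlisted" or "error" need a manual check against the vendor advisory rather than being assumed safe.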

 

0x03 References

https://security.paloaltonetworks.com/CVE-2021-3050

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3050

https://nvd.nist.gov/vuln/detail/CVE-2021-3050

 

0x04 Revision History

Version    Date          Changes
V1.0       2021-08-12    Initial release

0x05 Document Appendix

CNVD: www.cnvd.org.cn

CNNVD: www.cnnvd.org.cn

CVE: cve.mitre.org

NVD: nvd.nist.gov

CVSS: www.first.org
