Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving 10,000 vulnerable firewalls with their goods exposed to the internet.
The critical zero day, tracked as CVE 20213064 and scoring a CVSS rating of 9.8 out of 10 for vulnerability severity, is in PAN’s GlobalProtect firewall. It allows for unauthenticated RCE on multiple versions of PANOS 8.1 prior to 8.1.17, on both physical and virtual firewalls.