Background /What has happened?
A vulnerability (CVE-2021-3064) has been identified in the GlobalProtect component of certain versions of the Palo Alto firewall operating system. Exploitation of this vulnerability could allow an unauthenticated cyber actor to perform remote code execution. A cyber actor would then be able to install malware or otherwise control the affected device.
Mitigation / How do I stay secure?
Australian organisations who utilise a Palo Alto firewall, particularly those that utilise the GlobalProtect component, should review the Palo Alto Network security advisory for a list of specific vulnerable configurations and product versions. Affected organisations should then review the patch status of any Palo Alto firewalls and update to the latest available version.
Assistance / Where can I go for help?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).