Randori said that CVE-2021-3064 is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. To get to the problematic code, attackers would have to use an HTTP smuggling technique, researchers explained. Otherwise, it’s not reachable externally. HTTP request smuggling is a technique for interfering with the way a web site processes sequences of HTTP requests that are received from one or more users. These kinds of vulnerabilities are often critical, as they allow an attacker to bypass security controls, gain unauthorized access to sensitive data and directly compromise other application users.
While Randori is setting aside 30 days before releasing the more detailed technical information that it usually provides in its attack notes – a grace period for customers to patch or upgrade – it did give some higher-level details. Randori’s also planning to release more technical details on Wednesday, “once the patch has had enough time to soak,” and will issue updates on Twitter, according to its writeup.
On Wednesday, PAN published an advisory and an update to patch CVE-2021-3064. Randori has coordinated disclosure with PAN.
The Randori Attack Team found the zero day a year ago, developed a working exploit and used it against Randori customers (with authorization) over the past year. Going by a Shodan search of internet-exposed devices, Randori initially believed that there were “more than 70,000 vulnerable instances exposed on internet-facing assets.”
111021 17:30 UPDATE: Palo Alto Networks informed Randori that the number of affected devices is closer to 10,000. Randori researchers said in a Wednesday post that if an attacker successfully exploits the weakness, they can gain a shell on the targeted system, access sensitive configuration data, extract credentials and more.
After that, attackers can dance across a targeted organization, they said: “Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally.”