Show plain JSON{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "5.1.8", "status": "unaffected"}], "lessThan": "5.1.8", "status": "affected", "version": "5.1", "versionType": "custom"}, {"changes": [{"at": "5.2.4", "status": "unaffected"}], "lessThan": "5.2.4", "status": "affected", "version": "5.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue."}], "datePublic": "2021-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-248", "description": "CWE-248 Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-20T03:15:18", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}], "solutions": [{"lang": "en", "value": "This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions."}], "source": {"defect": ["GPC-10983"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-04-14T00:00:00", "value": "Initial publication"}], "title": "GlobalProtect App: Windows VPN kernel driver denial of service (DoS)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-04-14T16:00:00.000Z", "ID": "CVE-2021-3038", "STATE": "PUBLIC", "TITLE": "GlobalProtect App: Windows VPN kernel driver denial of service (DoS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GlobalProtect App", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "5.1", "version_value": "5.1.8"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "5.1", "version_value": "5.1.8"}, {"platform": "Windows", "version_affected": "<", "version_name": "5.2", "version_value": "5.2.4"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "5.2", "version_value": "5.2.4"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}, {"description": [{"lang": "eng", "value": "CWE-248 Uncaught Exception"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3038", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions."}], "source": {"defect": ["GPC-10983"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-04-14T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false, "x_affectedList": ["GlobalProtect App 5.2.3", "GlobalProtect App 5.2.2", "GlobalProtect App 5.2.1", "GlobalProtect App 5.2.0", "GlobalProtect App 5.2", "GlobalProtect App 5.1.7", "GlobalProtect App 5.1.6", "GlobalProtect App 5.1.5", "GlobalProtect App 5.1.4", "GlobalProtect App 5.1.3", "GlobalProtect App 5.1.1", "GlobalProtect App 5.1.0", "GlobalProtect App 5.1"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:50.745Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2021-3038"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3038", "datePublished": "2021-04-20T03:15:18.565071Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-16T17:49:11.570Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}