Palo Alto Networks company announced the availability of patches for security flaws in the PAN-OS product. Updates fix the following issues:

CVE-2021-3064 - Memory corruption vulnerability (CVSS score of 9.8) in GlobalProtect portal and gateway interfaces ;

CVE-2021-3058 - OS Command injection vulnerability (CVSS score of 8.8) in web interface XML API;

CVE-2021-3056 - Memory corruption vulnerability (CVSS score of 8.8) in GlobalProtect Clientless VPN during SAML authentication;

CVE-2021-3059 - OS Command injection vulnerability when performing dynamic updates (CVSS score of 8.1);

CVE-2021-3060 - OS Command injection in simple certificate enrollment protocol (SCEP) (CVSS score of 8.1);

CVE-2021-3062 - Improper access control vulnerability (CVSS score of 8.1);

CVE-2021-3063 - Denial-of-Service (DoS) vulnerability (CVSS score of 7.5) in GlobalProtect Portal and Gateway Interfaces;

CVE-2021-3061 - OS Command injection vulnerability (CVSS score of 6.4) in the Command Line Interface (CLI).