The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months.

The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing installations out there, Randori (the aforementioned cybersecurity company) will refrain from publishing technical details related to the vulnerability for a month, to give affected organizations enough time to patch.