CVE-2021-3048

5.9 MEDIUM

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding

Published: 2021-08-11 · Last updated: 2026-06-17

Severity and scoring

CVSS: 5.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20

Affected products

Vendor	Product
paloaltonetworks	pan-os

Description

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3048
[Other]https://security.paloaltonetworks.com/CVE-2020-3048
[Vendor advisory]https://security.paloaltonetworks.com/CVE-2021-3048
[Other]https://security.paloaltonetworks.com/CVE-2020-3048

Related CVEs

Same vendor

CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)
CVE-2025-0130 — A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to... (7.5 HIGH)
CVE-2021-3057 — A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker ... (8.1 HIGH)
CVE-2021-3055 — An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an au... (6.5 MEDIUM)
CVE-2021-3054 — A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authentica... (7.2 HIGH)

Same CWE

CVE-2026-12191 — A vulnerability was found in Comma AI Openpilot 0.11 (7.8 HIGH)
CVE-2026-45013 — ApostropheCMS is an open-source Node.js content management system (8.1 HIGH)
CVE-2026-54133 — jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP app... (9.8 CRITICAL)
CVE-2026-47196 — Quest Bot is an opensource Discord Bot
CVE-2026-50633 — A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an atta... (8.1 HIGH)