A new critical vulnerability, CVE-2020-2021, affecting Palo Alto appliances was published on June 29th of this year. Anyone using a Palo Alto appliance with SAML authentication enabled could be vulnerable.
“When Security Assertion Markup Language (SAML) authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources.”
See reference for affected versions and update recommendations.
According to Palo Alto, if you use GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, or Prisma Access, it is possible for an attacker to “gain access to protected resources.” Further, if you use PAN-OS and/or Panorama web interfaces, this issue allows an attacker to log in as administrator and perform administrative tasks without credentials.
The vulnerability is rated 10/10, critical. A patch for PAN-OS has been released and should be applied as soon as possible.
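The precondition quoted above (SAML enabled with "Validate Identity Provider Certificate" unchecked) can be checked offline against an exported configuration. The script below is an added example, not part of the original alert or Palo Alto's tooling. It assumes the export is XML in which each SAML IdP server profile is an `entry` under a `saml-idp` element with a `validate-idp-certificate` child set to `yes` or `no`; the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. The element names (saml-idp,
# validate-idp-certificate) are assumptions about the exported XML layout.
SAMPLE_CONFIG = """\
<config>
  <shared><server-profile><saml-idp>
    <entry name="corp-idp">
      <entity-id>https://idp.example.com/metadata</entity-id>
      <validate-idp-certificate>no</validate-idp-certificate>
    </entry>
    <entry name="partner-idp">
      <validate-idp-certificate>yes</validate-idp-certificate>
    </entry>
  </saml-idp></server-profile></shared>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <server-profile><saml-idp>
      <entry name="vsys-idp"><entity-id>https://idp2.example.com</entity-id></entry>
    </saml-idp></server-profile>
  </entry></vsys></entry></devices>
</config>
"""

def audit_saml_profiles(config_xml):
    """Return [(profile name, status)] for every SAML IdP server profile,
    wherever it sits in the tree (shared or per-vsys)."""
    root = ET.fromstring(config_xml)
    findings = []
    for entry in root.iterfind(".//saml-idp/entry"):
        value = (entry.findtext("validate-idp-certificate") or "").strip().lower()
        if value == "no":
            status = "disabled"      # the precondition named in the advisory
        elif value == "yes":
            status = "enabled"
        else:
            status = "unspecified"   # review by hand; no default is assumed
        findings.append((entry.get("name", "<unnamed>"), status))
    return findings

def exposed_profiles(config_xml):
    """Names of profiles whose IdP certificate validation is switched off."""
    return [n for n, s in audit_saml_profiles(config_xml) if s == "disabled"]

if __name__ == "__main__":
    for name, status in audit_saml_profiles(SAMPLE_CONFIG):
        print(f"{name}: validate-idp-certificate {status}")
```

A "disabled" or "unspecified" result is a prompt to review that profile in the web interface; it does not replace applying the PAN-OS patch.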
Stay cyber-safe,
SecuLore Support Team