A new critical vulnerability, CVE-2020-2021, affecting Palo Alto appliances was published on June 29th of this year. Anyone using a Palo Alto appliance with SAML authentication enabled could be vulnerable.
“When Security Assertion Markup Language (SAML) authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources.”
See reference for affected versions and update recommendations.
According to Palo Alto, if you use GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, or Prisma Access, it is possible for an attacker to “gain access to protected resources.” Further, if you use PAN-OS and/or Panorama web interfaces, this issue allows an attacker to log in as administrator and perform administrative tasks without credentials.
The vulnerability is rated 10/10 (critical). A patch for PAN-OS has been released and should be applied as soon as possible.
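One way to check an exported configuration for the condition quoted above (SAML in use with 'Validate Identity Provider Certificate' unchecked). This is an added example, not part of the original alert or Palo Alto's tooling. The element names `saml-idp` and `validate-idp-certificate` and the sample XML are assumptions to verify against your own export.

```python
import xml.etree.ElementTree as ET

# Assumed element names for an exported PAN-OS configuration; confirm them
# against your own export before relying on the result.
IDP_PROFILE_TAG = "saml-idp"
VALIDATE_TAG = "validate-idp-certificate"

# Constructed sample, not a real device configuration.
SAMPLE_CONFIG = """
<config>
  <shared>
    <server-profile>
      <saml-idp>
        <entry name="idp-validated">
          <validate-idp-certificate>yes</validate-idp-certificate>
        </entry>
        <entry name="idp-unvalidated">
          <validate-idp-certificate>no</validate-idp-certificate>
        </entry>
        <entry name="idp-unset"/>
      </saml-idp>
    </server-profile>
  </shared>
</config>
"""


def find_unvalidated_idp_profiles(config_xml):
    """Return (name, state) for SAML IdP profiles not set to validate the IdP certificate."""
    root = ET.fromstring(config_xml)
    flagged = []
    for container in root.iter(IDP_PROFILE_TAG):
        for entry in container.findall("entry"):
            value = (entry.findtext(VALIDATE_TAG) or "").strip().lower()
            # A missing element is reported as "unset": unconfirmed, not assumed safe.
            if value != "yes":
                flagged.append((entry.get("name", "<unnamed>"), value or "unset"))
    return flagged


if __name__ == "__main__":
    for name, state in find_unvalidated_idp_profiles(SAMPLE_CONFIG):
        print(f"review SAML IdP profile {name!r}: {VALIDATE_TAG}={state}")
```

Any profile it reports should be reviewed in the device's own interface, since a flagged entry only matters if an authentication profile actually uses it.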
Stay cyber-safe,
SecuLore Support Team