A new critical CVE-2020-2021 was released regarding PaloAlto appliances on June 29th of this year. Anyone using a PaloAlto appliance with SAML authentication enabled could be vulnerable.
“When Security Assertion Markup Language (SAML) authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources.”
See reference for affected versions and update recommendations.
According to Palo Alto, if you use GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, or Prisma Access, it is possible for an attacker to “gain access to protected resources.” Further, if you use PAN-OS and/or Panorama web interfaces, this issue allows an attacker to log in as administrator and perform administrative tasks without credentials.
The vulnerability is regarded as a 10/10 critical. A patch for PAN-OS has been released, and should be applied as soon as possible.
SecuLore Support Team