Severity Rating: Critical
Software Affected
PAN-OS 9.1 versions prior to PAN-OS 9.1.3
PAN-OS 9.0 versions prior to PAN-OS 9.0.9
PAN-OS 8.1 versions prior to PAN-OS 8.1.15
PAN-OS 8.0 (EOL)
Overview
A vulnerability has been reported in PAN-OS which could allow an
unauthenticated, remote attacker to bypass authentication and gain access
to protected resources.
Description
This vulnerability exists in the Security Assertion Markup Language (SAML)
authentication feature of PAN-OS due to improper verification of the
cryptographic signature on SAML responses. It can be exploited only when
SAML authentication is enabled and the 'Validate Identity Provider
Certificate' option is disabled (unchecked) in the SAML Identity Provider
Server Profile. An unauthenticated remote attacker with network access to
the vulnerable server could exploit this vulnerability to bypass
authentication and gain access to protected resources within the network.
Successful exploitation could allow the attacker to conduct further
attacks, such as obtaining administrative rights and compromising the
system.
The vulnerability cannot be exploited if:
· SAML is not used for authentication.
· The 'Validate Identity Provider Certificate' option is enabled
(checked) in the SAML Identity Provider Server Profile. Enabling it
requires the Identity Provider's certificate to be signed by a Certificate
Authority (CA); if the IdP presents a self-signed certificate, the option
cannot be used until a CA-issued certificate is in place.
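The description above names the weak condition, a signature that is checked but not anchored to the administrator-configured IdP certificate, without showing it. The Go program below is an added illustration of that class of flaw; it is not Palo Alto's code and says nothing about PAN-OS internals. It models a signed SAML Response and the server profile with constructed types (Response, ServerProfile, the hypothetical CN values) rather than real XML-DSig canonicalisation. verifyLoose validates the signature against whatever certificate the message carries and only compares that certificate with the configured one when the option is on; verifyStrict verifies against the configured IdP certificate alone, regardless of any option.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Response is a constructed stand-in for a signed SAML Response: the assertion
// bytes, an RSA/SHA-256 signature over them, and the certificate the sender
// claims produced the signature (the <ds:KeyInfo> slot in XML-DSig).
type Response struct {
	Assertion []byte
	Signature []byte
	KeyInfo   *x509.Certificate
}

// ServerProfile models the two settings named in the advisory: the IdP
// certificate the administrator configured and the 'Validate Identity
// Provider Certificate' checkbox.
type ServerProfile struct {
	IdPCert                *x509.Certificate
	ValidateIdPCertificate bool
}

// Outcome records which responses each verifier accepts.
type Outcome struct {
	GenuineAcceptedOptionOff bool // real IdP, option unchecked
	ForgedAcceptedOptionOff  bool // attacker-signed, option unchecked: the exploitable case
	ForgedAcceptedOptionOn   bool // attacker-signed, option checked
	GenuineAcceptedStrict    bool // real IdP, strict verifier
	ForgedAcceptedStrict     bool // attacker-signed, strict verifier
}

// newIdentity creates a self-signed certificate and RSA key pair for cn.
func newIdentity(cn string) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// sign produces a Response whose KeyInfo carries the signer's own certificate,
// which any party, legitimate or not, can do.
func sign(assertion []byte, key *rsa.PrivateKey, cert *x509.Certificate) Response {
	digest := sha256.Sum256(assertion)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return Response{Assertion: assertion, Signature: sig, KeyInfo: cert}
}

// verifyLoose is the weak check: the signature is verified under the
// certificate inside the message, and that certificate is compared with the
// configured IdP certificate only when the option is enabled. With the option
// off, a valid signature from any key passes.
func verifyLoose(p ServerProfile, r Response) error {
	if r.KeyInfo == nil {
		return errors.New("response carries no certificate")
	}
	if p.ValidateIdPCertificate && !r.KeyInfo.Equal(p.IdPCert) {
		return errors.New("KeyInfo certificate is not the configured IdP certificate")
	}
	return r.KeyInfo.CheckSignature(x509.SHA256WithRSA, r.Assertion, r.Signature)
}

// verifyStrict ignores KeyInfo entirely: only the administrator-configured IdP
// certificate may vouch for an assertion.
func verifyStrict(p ServerProfile, r Response) error {
	if p.IdPCert == nil {
		return errors.New("no IdP certificate configured")
	}
	return p.IdPCert.CheckSignature(x509.SHA256WithRSA, r.Assertion, r.Signature)
}

// Scenario builds a genuine IdP and an attacker (both constructed), signs one
// assertion with each, and reports what the verifiers decide.
func Scenario() Outcome {
	idpCert, idpKey := newIdentity("idp.example.test")
	attCert, attKey := newIdentity("attacker.example.test")

	genuine := sign([]byte(`<Assertion><Subject>alice</Subject></Assertion>`), idpKey, idpCert)
	forged := sign([]byte(`<Assertion><Subject>admin</Subject></Assertion>`), attKey, attCert)

	off := ServerProfile{IdPCert: idpCert, ValidateIdPCertificate: false}
	on := ServerProfile{IdPCert: idpCert, ValidateIdPCertificate: true}

	return Outcome{
		GenuineAcceptedOptionOff: verifyLoose(off, genuine) == nil,
		ForgedAcceptedOptionOff:  verifyLoose(off, forged) == nil,
		ForgedAcceptedOptionOn:   verifyLoose(on, forged) == nil,
		GenuineAcceptedStrict:    verifyStrict(on, genuine) == nil,
		ForgedAcceptedStrict:     verifyStrict(on, forged) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

Running it shows the forged, attacker-signed assertion accepted only by verifyLoose with the option off; the same check with the option on, and verifyStrict in either configuration, reject it while still accepting the genuine one. The design point is that the trust anchor must come from configuration, never from the message being verified.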
Solution
Apply the appropriate updates (PAN-OS 9.1.3, 9.0.9 or 8.1.15 and later) as mentioned in:
Vendor Information
Paloalto
Reference
Paloalto
Reddit
Tenable
https://www.tenable.com/blog/cve-2020-2021-palo-alto-networks-pan-os-vulnerable-to-critical-authentication-bypass
CVE Name
(CVE-2020-2021)
About Cert Advisory
We have created this blog to provide the latest security advisories from CERT-In on security vulnerabilities, threats and attacks, and the patching required to mitigate any kind of cyber attack.