Security News > 2020 > June > Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!
Palo Alto Networks has patched a critical and easily exploitable vulnerability affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible.
Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0.
"Resources that can be protected by SAML-based single sign-on authentication are GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls and Panorama web interfaces, and Prisma Access," Palo Alto Networks shared.
Palo Alto Networks says that there is currently no indication of the vulnerability being under active attack.
Palo Alto Networks has provided instructions for doing that in a way that doesn't break the authentication capability for users.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/gQfAiw7HsSk/
Related news
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- Patch now: Critical Nvidia bug allows container escape, complete host takeover (source)
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)