Security News > 2020 > June > Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!
Palo Alto Networks has patched a critical and easily exploitable vulnerability affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible.
Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0.
"Resources that can be protected by SAML-based single sign-on authentication are GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls and Panorama web interfaces, and Prisma Access," Palo Alto Networks shared.
Palo Alto Networks says that there is currently no indication of the vulnerability being under active attack.
Palo Alto Networks has provided instructions for doing that in a way that doesn't break the authentication capability for users.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/gQfAiw7HsSk/
Related news
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
- Palo Alto Networks tags new firewall bug as exploited in attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)