Security News > 2020 > June > US Cyber Command: Foreign APTs Likely to Exploit New Palo Alto Networks Flaw
Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon.
"When Security Assertion Markup Language authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability," Palo Alto Networks explained in an advisory.
In the case of Palo Alto Networks' GlobalProtect, Captive Portal, and Prisma Access products, an unauthenticated attacker who has network access to the targeted server can exploit the vulnerability to access protected resources.
While Palo Alto Networks' advisory says the company is not aware of malicious attempts to exploit CVE-2020-2021, USCYBERCOM warned on Twitter that "Foreign APTs will likely attempt exploit soon."
APT groups exploiting vulnerabilities in Palo Alto Networks products is not unheard of.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-29 | CVE-2020-2021 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Pan-Os When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. | 9.3 |