Security News > 2020 > June > US Cyber Command: Foreign APTs Likely to Exploit New Palo Alto Networks Flaw
Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon.
"When Security Assertion Markup Language authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability," Palo Alto Networks explained in an advisory.
In the case of Palo Alto Networks' GlobalProtect, Captive Portal, and Prisma Access products, an unauthenticated attacker who has network access to the targeted server can exploit the vulnerability to access protected resources.
While Palo Alto Networks' advisory says the company is not aware of malicious attempts to exploit CVE-2020-2021, USCYBERCOM warned on Twitter that "Foreign APTs will likely attempt exploit soon."
APT groups exploiting vulnerabilities in Palo Alto Networks products is not unheard of.
News URL
Related news
- Exploit released for Palo Alto PAN-OS bug used in attacks, patch now (source)
- Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation (source)
- Exploit code for Palo Alto Networks zero-day now public (source)
- 'Four horsemen of cyber' look back on 2008 DoD IT breach that led to US Cyber Command (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-29 | CVE-2020-2021 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Pan-Os When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. | 9.3 |