Palo Alto issued an advisory (CVE-2020-2021) for a critical vulnerability (CVSS 10) in its GlobalProtect/VPN gateways, PAN-OS firewalls and authentication portals.
From the advisory:
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources.
Resources that can be protected by SAML-based single sign-on (SSO) authentication are:
- GlobalProtect Gateway,
- GlobalProtect Portal,
- GlobalProtect Clientless VPN,
- Authentication and Captive Portal,
- PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces,
- Prisma Access
Please pass this information to the responsible tech/firewall/network department.
Remarks
Questions? Contact: info@zero.bs