[ SB 20.23 ] Critical Vuln in Palo Alto VPN Gateways and Firewalls (CVE-2020-2021)

Palo Alto Networks issued an advisory (CVE-2020-2021) for a critical vulnerability (CVSS 10.0) in its GlobalProtect VPN gateways, PAN-OS firewalls and authentication portals. The vulnerability is a signature-verification flaw in the PAN-OS SAML authentication path and is exploitable only under a specific configuration state, see below.

from the Advisory:

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources.

Resources that can be protected by SAML-based single sign-on (SSO) authentication are:

  • GlobalProtect Gateway,
  • GlobalProtect Portal,
  • GlobalProtect Clientless VPN,
  • Authentication and Captive Portal,
  • PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces,
  • Prisma Access
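The advisory ties the exposure to one configuration flag. The following is an added example, not Palo Alto's code and not part of the original bulletin: a small audit script that reads an exported PAN-OS configuration XML, lists every SAML Identity Provider server profile whose 'Validate Identity Provider Certificate' option is unchecked (or absent), and cross-references them with the authentication profiles that use them, so you can see which SAML-protected resource is actually exposed. The XML paths (`server-profile/saml-idp/entry`, `validate-idp-certificate`, `authentication-profile/entry/method/saml-idp/server-profile`) and the sample export are assumptions constructed for this example; verify them against your own exported configuration before relying on the result.

```python
"""Audit an exported PAN-OS configuration for SAML IdP server profiles
that have 'Validate Identity Provider Certificate' disabled.

Added example for this bulletin; not Palo Alto's code. Assumed layout
(check against a real export before trusting the output):
  * SAML IdP server profiles: .../server-profile/saml-idp/entry[@name]
    with a <validate-idp-certificate>yes|no</validate-idp-certificate> child.
  * Authentication profiles reference them via
    .../authentication-profile/entry/method/saml-idp/server-profile.
The search uses './/' so shared, vsys and device-group scopes are all covered.
"""
import xml.etree.ElementTree as ET

# Constructed sample export (not a real device dump): one hardened profile,
# one with the option unchecked, one where the element is missing entirely.
SAMPLE_CONFIG = """<config version="9.1.0">
  <shared>
    <server-profile>
      <saml-idp>
        <entry name="corp-idp-ok">
          <validate-idp-certificate>yes</validate-idp-certificate>
          <certificate>idp-signing-ca</certificate>
        </entry>
        <entry name="corp-idp-weak">
          <validate-idp-certificate>no</validate-idp-certificate>
          <certificate>idp-signing-selfsigned</certificate>
        </entry>
        <entry name="lab-idp-unset">
          <certificate>lab-cert</certificate>
        </entry>
      </saml-idp>
    </server-profile>
    <authentication-profile>
      <entry name="gp-portal-auth">
        <method><saml-idp><server-profile>corp-idp-weak</server-profile></saml-idp></method>
      </entry>
      <entry name="admin-auth">
        <method><saml-idp><server-profile>corp-idp-ok</server-profile></saml-idp></method>
      </entry>
    </authentication-profile>
  </shared>
</config>
"""


def saml_idp_profiles(xml_text):
    """Map SAML IdP profile name -> True only if validation is explicitly 'yes'.

    A missing element is treated as NOT validated: the safe assumption for an
    audit, since the flaw is exploitable whenever the check is not enforced."""
    root = ET.fromstring(xml_text)
    result = {}
    for entry in root.iterfind(".//server-profile/saml-idp/entry"):
        flag = entry.findtext("validate-idp-certificate", default="").strip().lower()
        result[entry.get("name")] = (flag == "yes")
    return result


def auth_profile_references(xml_text):
    """Map SAML IdP profile name -> list of authentication profiles using it."""
    root = ET.fromstring(xml_text)
    refs = {}
    for entry in root.iterfind(".//authentication-profile/entry"):
        sp = entry.findtext("method/saml-idp/server-profile")
        if sp:
            refs.setdefault(sp.strip(), []).append(entry.get("name"))
    return refs


def find_weak_saml_profiles(xml_text):
    """Return sorted (idp_profile, [auth_profiles]) pairs for every SAML IdP
    profile with validation disabled or unset. An empty list means the
    profile exists but is not wired to any authentication profile yet."""
    validated = saml_idp_profiles(xml_text)
    refs = auth_profile_references(xml_text)
    return sorted((name, sorted(refs.get(name, [])))
                  for name, ok in validated.items() if not ok)


if __name__ == "__main__":
    # Replace SAMPLE_CONFIG with open("running-config.xml").read() for a real export.
    for name, users in find_weak_saml_profiles(SAMPLE_CONFIG):
        state = "used by " + ", ".join(users) if users else "not referenced"
        print(f"{name}: 'Validate Identity Provider Certificate' is off ({state})")
```

Run it against an exported running configuration rather than against the live device: the point is to produce a list of profiles to fix, and to prioritise the ones referenced by an authentication profile that fronts GlobalProtect, Captive Portal or the management web interface.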

Please pass this information on to the team responsible for firewalls, VPN gateways and network infrastructure. The exposure depends on a configuration state (SAML authentication enabled with 'Validate Identity Provider Certificate' unchecked in the SAML Identity Provider server profile), so check that setting on every PAN-OS firewall and Panorama instance, not only on the devices that expose GlobalProtect.


Questions? Contact: info@zero.bs