Critical vulnerability in
PAN-OS SAML authentication

Posted on June 29th, 2020

Overview

On June 29th, 2020 Palo Alto released a security advisory on the CVE-2020-2021 vulnerability affecting various PAN-OS versions. This vulnerability allows an unauthenticated attacker access to protected resources by taking advantage of improper verification of signatures in PAN-OS SAML authentication.

Successful exploitation of this vulnerability against PAN-OS and Panorama web interfaces could allow an unauthenticated attacker to perform administrative actions.

Threat Intelligence

Neither the Masergy Threat Intelligence team nor the security team at Palo Alto is currently aware of any proof-of-concepts being publicly available or active exploitation in-the-wild. We assess that it is likely sophisticated actors will pursue the weaponization of these exploits. The Masergy Threat Intelligence team will continue to monitor the situation as it develops.

Vulnerabilities

Systems Affected

Recommendations

We recommend the following actions be taken:

References

Palo Alto:

https://security.paloaltonetworks.com/CVE-2020-2021