{"id":14889,"date":"2020-06-30T10:25:24","date_gmt":"2020-06-30T08:25:24","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14889"},"modified":"2020-06-30T10:25:24","modified_gmt":"2020-06-30T08:25:24","slug":"cve-2020-2021-in-palo-alto-networks-gerten-patchen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/06\/30\/cve-2020-2021-in-palo-alto-networks-gerten-patchen\/","title":{"rendered":"Alert: Patch CVE-2020-2021 (in Palo Alto Networks products)"},"content":{"rendered":"

[German<\/a>]Warning about the SAML vulnerability CVE-2020-2021 in various devices from the vendor Palo Alto and similar products. It can be assumed that the vulnerability will soon be exploited by cyber criminals to penetrate networks. <\/p>\n

<\/p>\n

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication<\/h3>\n

\"\"The vulnerability CVE-2020-2021<\/a> (Authentication Bypass in SAML Authentication) exists in various Palo Alto Networks (PAN) products in their PAN-OS operating system. If SAML authentication (Security Assertion Markup Language) is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper signature verification during PAN-OS SAML authentication allows an unauthenticated network-based attacker to access protected resources. <\/p>\n

The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue cannot be exploited if SAML is not used for authentication. This issue affects PAN-OS 9.1 versions prior to PAN-OS 9.1.3; PAN-OS 9.0 versions prior to PAN-OS 9.0.9; PAN-OS 8.1 versions prior to PAN-OS 8.1.15 and all versions of PAN-OS 8.0 (EOL). This problem does not affect PAN-OS 7.1.<\/p>\n

Affected systems<\/h2>\n

Resources that can be protected by SAML-based Single Sign-On (SSO) authentication are, according to Palo Alto Networks:<\/p>\n

GlobalProtect Gateway,
GlobalProtect Portal,
GlobalProtect Clientless VPN,
Authentication and Captive Portal,
PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces,
Prisma Access<\/p>\n

In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. <\/p>\n

There is no impact on the integrity and availability of the gateway, portal, or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:N).<\/p>\n

In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log on as administrator and perform administrative actions. <\/p>\n