Palo Alto Networks has emitted its second software update in as many weeks to address a potentially serious security vulnerability in its products.
The vendor on Wednesday issued an advisory for CVE-2020-2034, a remote code execution flaw in its PAN-OS GlobalProtect portal, which can be exploited by a remote unauthenticated miscreant to execute arbitrary commands on the gateway as a superuser:
No in-the-wild attacks have been reported... yet. Palo Alto confirmed to The Register that GlobalProtect is not enabled by default, though anecdotal evidence suggests it's widely used. Short of applying the PAN-OS updates, there is no way to mitigate the vulnerability, other than turning off GlobalProtect.
This latest Palo Alto advisory comes just ..
Support the originator by clicking the read the rest link below.
