Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls.
On June 29, PAN also patched a critical vulnerability (CVE-2020-2021) with a 10/10 CVSSv3 rating, allowing unauthenticated network-based attackers to bypass authentication on PAN-OS devices with SAML auth enabled and the 'Validate Identity Provider Certificate' option disabled.
The OS command injection vulnerability patched today and tracked as CVE-2020-2034 allows unauthenticated remote attackers to execute arbitrary OS commands with root privileges on unpatched devices.
The CVE-2020-2034 vulnerability has been rated as high severity with a CVSS 3.x base score of 8.1, and it can be exploited by threat actors with network access to vulnerable servers as part of high complexity attacks that don't require user interaction.
Only affects devices with GlobalProtect portal enabled
"This issue can not be exploited if GlobalProtect portal feature is not enabled," PAN's security advisory explains. "Prisma Access services are not impacted by this vulnerability."
The table embedded below includes the affected PAN-OS versions, as well as those that received patches from Palo Alto Networks to defend against potential attacks (the issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all newer versions.)
PAN-OS 7.1 and PAN-OS 8.0 are end-of-life and will not receive security updates to address this vulnerability.
Versions
Affected
Unaffected
9.1
< 9.1.3
>= 9.1.3
9
< 9.0.9
>= 9.0.9
8.1
< 8.1.15
>= 8.1.15
8
8.0.
7.1
7.1.
The vulnerability was discovered by Yamata Li of Palo Alto Networks Threat Research Team during an internal security review.
Attackers need additional knowledge for exploitation
"An attacker wo ..
Support the originator by clicking the read the rest link below.
