US Government Warns of Palo Alto Vulnerability
The US government has warned of a critical flaw in Palo Alto Networks equipment that could enable attackers to take over its devices with minimal skill.
The warning, issued by US Cyber Command, urged people to patch all devices affected by the vulnerability immediately. It said that foreign advanced persistent threat actors will attempt to exploit it soon.
"Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate @PaloAltoNtwks' proactive response to this vulnerability. https://t.co/WwJdil5X0F" — USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) June 29, 2020
As a user of these products, US Cyber Command would have reason to worry about foreign nation-states targeting its networks and those of its partners. It is one of eleven unified commands at the US Department of Defense, and oversees the US military's cyberspace operations.
The vulnerability, CVE-2020-2021, concerns the authentication process in PAN-OS, which is the operating system driving Palo Alto firewalls. When authentication using the Security Assertion Markup Language (SAML) is enabled and the 'Validate Identity Provider Certificate' option is unchecked, the system doesn't verify signatures properly, enabling someone to gain unauthenticated access to protected resources over a network.
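The exposed configuration described above can be checked for in an exported device configuration. The following Python audit is an added example, not code from the article or from Palo Alto Networks; the XML element names (`saml-idp`, `validate-idp-certificate`, `authentication-profile`) are assumptions about the export layout, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names are assumed to mirror
# the PAN-OS configuration tree; verify them against your own export.
SAMPLE_CONFIG = """<config><shared>
  <server-profile><saml-idp>
    <entry name="idp-prod">
      <validate-idp-certificate>no</validate-idp-certificate>
    </entry>
    <entry name="idp-lab">
      <validate-idp-certificate>yes</validate-idp-certificate>
    </entry>
    <entry name="idp-old"/>
  </saml-idp></server-profile>
  <authentication-profile>
    <entry name="vpn-saml">
      <method><saml-idp><server-profile>idp-prod</server-profile></saml-idp></method>
    </entry>
    <entry name="admin-saml">
      <method><saml-idp><server-profile>idp-lab</server-profile></saml-idp></method>
    </entry>
  </authentication-profile>
</shared></config>"""


def audit_saml_profiles(config_xml):
    """List SAML IdP profiles whose certificate validation is not 'yes'."""
    root = ET.fromstring(config_xml)
    # Map each IdP server profile to the authentication profiles that use it.
    used_by = {}
    for auth in root.findall(".//authentication-profile/entry"):
        ref = (auth.findtext("method/saml-idp/server-profile") or "").strip()
        if ref:
            used_by.setdefault(ref, []).append(auth.get("name"))
    findings = []
    for idp in root.findall(".//server-profile/saml-idp/entry"):
        value = (idp.findtext("validate-idp-certificate") or "").strip().lower()
        if value != "yes":
            # An absent element is reported as "unset": no default is assumed.
            name = idp.get("name")
            findings.append({"profile": name, "setting": value or "unset",
                             "used_by": used_by.get(name, [])})
    # Profiles referenced by an authentication profile are the exposed ones.
    return sorted(findings, key=lambda f: (not f["used_by"], f["profile"]))


if __name__ == "__main__":
    for finding in audit_saml_profiles(SAMPLE_CONFIG):
        print(finding)
```

Findings with a non-empty `used_by` list are the ones where SAML authentication actually depends on the unvalidated profile, so they should be remediated first.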
Although it has a severity of 10—the highest possible—this is not a remote code executio ..