Cyber Security Specialists 1800 816 044 info@vectra-corp.com

Palo Alto Releases Security Updates for PAN-OS

Severity: CRITICAL

What is affected: This issue is fixed in PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, and all later versions.

Description: Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information.

When Security Assertion Markup Language (SAML) authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.

Advice: Vectra encourages users and administrators to review Palo Alto Security Advisory for CVE-2020-2021 and apply the necessary updates or workarounds.

 

Contact Vectra

Fill out the form and we’ll be in touch as soon as possible or call our team on 1800 816 044.

Contact Us - Popup
Banking & Finance
Airlines
Major Retailers
Health
Service Providers
Government
Insurance
Media & Entertainment
TOP
Contact us