Palo Alto Networks Vulnerability Could Be Exploited By Foreign Hackers

US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage

The flaw exists in PAN-OS, the operating system on firewalls and corporate virtual private network application products.

The problem stems from improper verification of cryptographic signatures, as an advisory by Palo Alto explains.

"Resources that can be protected by SAML-based single sign-on (SSO) authentication are GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, and Prisma Access", Palo Alto Networks shared. An unauthenticated attacker with network access could exploit this flaw to obtain sensitive information, the U.S. Cybersecurity and Infrastructure Security Agency said. Palo Alto Networks has provided instructions for remediating the issue in a way that does not break authentication for users.

PAN said that the issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; and all versions of PAN-OS 8.0 (EOL).

Similar flaws in SSL VPN appliances, including vulnerabilities in Pulse Connect Secure (CVE-2019-11510) and Citrix Application Delivery Controller and Gateway (CVE-2019-19781) that came to light last year, have been exploited in an ongoing run of targeted attacks.

Palo Alto Networks says that there is currently no indication that the vulnerability is under active attack.

The security flaw is restricted to cases where enterprises use SAML-based authentication in their security appliance setup.

"These providers include Okta, SecureAuth, SafeNet Trusted Access, Duo, Trusona via Azure AD, Azure AD and Centrify".

Having identity-provider certificate verification disabled is another necessary precondition for an attack, but this configuration is likewise commonplace in enterprises.
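As an added example that is not from the article or from Palo Alto Networks, the following Python script triages a constructed device inventory against the conditions the article states: the affected version ranges listed earlier, SAML authentication in use, and identity-provider certificate verification disabled. The inventory record fields and the handling of a `-hN` hotfix suffix are assumptions.

```python
# Added example (not from the article or Palo Alto Networks): triage a PAN-OS
# inventory against the CVE-2020-2021 conditions the article lists: an affected
# version, SAML authentication in use, IdP certificate verification disabled.
import re
from dataclasses import dataclass

# First fixed release per train, as stated in the article; PAN-OS 8.0 (EOL) is
# affected in every version. Trains not named here are reported as not listed.
FIXED = {(8, 1): (8, 1, 15), (9, 0): (9, 0, 9), (9, 1): (9, 1, 3)}
EOL_TRAINS = {(8, 0)}
# 'major.minor.maint' plus an optional '-hN' hotfix suffix (suffix format assumed).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Parse a PAN-OS version string into (major, minor, maint, hotfix)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def version_status(text):
    """'affected', 'fixed' or 'not-listed'; hotfixes of a pre-fix release stay affected."""
    major, minor, maint, _hotfix = parse_version(text)
    if (major, minor) in EOL_TRAINS:
        return "affected"
    if (major, minor) not in FIXED:
        return "not-listed"
    return "affected" if (major, minor, maint) < FIXED[(major, minor)] else "fixed"

@dataclass
class Device:                  # constructed inventory record, not a PAN-OS API
    name: str
    panos_version: str
    saml_auth_in_use: bool     # a SAML authentication profile is configured
    idp_cert_validation: bool  # identity-provider certificate verification is on

def triage(device):
    """'vulnerable' when code and both configuration preconditions line up,
    'patch-needed' when only the code is affected, else the version status."""
    status = version_status(device.panos_version)
    if status != "affected":
        return status
    if device.saml_auth_in_use and not device.idp_cert_validation:
        return "vulnerable"
    return "patch-needed"

SAMPLE = [Device("fw-edge-01", "9.0.8", True, False),      # constructed inventory
          Device("fw-edge-02", "9.0.9-h1", True, False),
          Device("vpn-gw-01", "8.1.14", True, True),
          Device("panorama-01", "8.0.20", False, True)]
```

Devices reported as "patch-needed" still run affected code and should be updated; the verdict only says that a configuration precondition for exploitation is currently absent.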

US cyber officials are urging American companies and individuals who rely on a popular security product to update their systems immediately, before foreign hackers can exploit a flaw in the technology to steal protected information. No working proof-of-concept (PoC) exploit code is publicly available for this vulnerability as yet.

"Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML [Security Assertion Markup Language] is in use".

Cyber Command said in a tweet that advanced hacking groups "will likely attempt exploit soon".
