The flaw exists in PAN-OS, the operating system that runs on Palo Alto Networks' firewalls and corporate virtual private network (VPN) products.
The problem stems from improper verification of cryptographic signatures, as an advisory by Palo Alto explains.
"Resources that can be protected by SAML-based single sign-on (SSO) authentication are GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, and Prisma Access", Palo Alto Networks shared. An unauthenticated attacker with network access could exploit this flaw to obtain sensitive information, the U.S. Cybersecurity and Infrastructure Security Agency said. Palo Alto Networks has provided instructions for applying the update in a way that does not break the authentication capability for users.
PAN said that the issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; and all versions of PAN-OS 8.0 (EOL).
Similar flaws in SSL VPN appliances, including vulnerabilities in Pulse Connect Secure (CVE-2019-11510) and Citrix Application Delivery Controller and Gateway (CVE-2019-19781), that surfaced last year have been exploited in an ongoing run of targeted attacks.
Palo Alto Networks says there is currently no indication that the vulnerability is being actively exploited.
The security flaw is restricted to cases where enterprises use SAML-based authentication in their security appliance setup.
"These providers include Okta, SecureAuth, SafeNet Trusted Access, Duo, Trusona via Azure AD, Azure AD and Centrify".
Having certificate verification for the identity provider disabled is another necessary precondition for an attack, but this configuration is likewise commonplace in enterprises.
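The affected version ranges above and the two preconditions (SAML in use, identity-provider certificate verification disabled) together decide whether a given appliance is actually exposed. The following added example, which is not code from the article or from Palo Alto Networks, turns those statements into an inventory check a defender can run over exported version and configuration data. It assumes a version string of the form `major.minor.patch` with an optional `-hN` hotfix suffix, and it takes the two preconditions as plain booleans because the article does not describe the configuration format; the sample inventory at the bottom is constructed.

```python
import re
from typing import Optional, Tuple

# Fixed releases as stated in the article: anything below these is affected.
FIXED_IN = {
    (8, 1): (8, 1, 15),
    (9, 0): (9, 0, 9),
    (9, 1): (9, 1, 3),
}
# Release trains the article lists as end-of-life with no fix at all.
EOL_TRAINS = {(8, 0)}

# Assumption: PAN-OS version strings look like "9.0.8" or "9.0.8-h3".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-hN]' into a comparable tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected_version(text: str) -> Optional[bool]:
    """True if the release is below the fix for its train (or the train is EOL),
    False if it is at or above the fix, None if the train is not covered by the
    article's list (no claim is made about it)."""
    v = parse_version(text)
    train = v[:2]
    if train in EOL_TRAINS:
        return True
    fixed = FIXED_IN.get(train)
    if fixed is None:
        return None
    # Hotfix level is irrelevant: 9.0.8-h3 is still below 9.0.9.
    return v[:3] < fixed


def assess(version: str, saml_enabled: bool,
           validate_idp_cert: bool) -> Tuple[bool, str]:
    """Return (exposed, reason), applying the article's preconditions in order."""
    affected = is_affected_version(version)
    if affected is None:
        return (False, "release train not covered by the advisory; verify manually")
    if affected is False:
        return (False, "running a fixed release")
    if not saml_enabled:
        return (False, "affected release, but SAML authentication is not in use; patch anyway")
    if validate_idp_cert:
        return (False, "affected release, but IdP certificate validation is enabled; patch anyway")
    return (True, "EXPOSED: vulnerable release with SAML enabled and IdP certificate validation off")


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, version, saml_enabled, validate_idp_cert)
    inventory = [
        ("fw-edge-01", "9.0.8-h3", True, False),
        ("fw-edge-02", "9.0.9", True, False),
        ("fw-dc-01", "8.1.14", False, False),
        ("fw-legacy", "8.0.20", True, False),
        ("fw-lab", "9.1.2", True, True),
    ]
    for host, version, saml, validate in inventory:
        exposed, reason = assess(version, saml, validate)
        print(f"{host:12} {version:10} exposed={exposed!s:5} {reason}")
```

Run it as a script to print the constructed inventory's status; in practice the `inventory` list would be populated from whatever asset database or device export is available. The check deliberately reports "patch anyway" rather than "safe" when only a precondition is missing, since a later configuration change would silently turn an affected device into an exposed one.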
US cyber officials are urging American companies and individuals who rely on a popular security product to update their systems immediately, before foreign hackers can exploit a flaw in the technology to steal protected information. No working proof-of-concept (PoC) code for this vulnerability is publicly available as of yet.
"Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML [Security Assertion Markup Language] is in use".
Cyber Command said in a tweet that advanced hacking groups "will likely attempt exploit soon".