The flaw exists in PAN-OS, the operating system that runs Palo Alto Networks' firewalls and corporate virtual private network (VPN) appliances.
The problem stems from improper verification of cryptographic signatures, as an advisory by Palo Alto explains.
"Resources that can be protected by SAML-based single sign-on (SSO) authentication are GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, and Prisma Access", Palo Alto Networks shared. An unauthenticated attacker with network access could exploit this flaw to obtain sensitive information, the U.S. Cybersecurity and Infrastructure Security Agency said. Palo Alto Networks has provided instructions for applying the fix in a way that doesn't break authentication for users.
Palo Alto Networks said that the issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; and all versions of PAN-OS 8.0 (EOL).
Similar flaws in SSL VPN appliances, including vulnerabilities in Pulse Connect Secure (CVE-2019-11510) and Citrix Application Delivery Controller and Gateway (CVE-2019-19781), that surfaced last year have been exploited in an ongoing series of targeted attacks.
Palo Alto Networks says there is currently no evidence that the vulnerability is being actively exploited.
The security flaw is limited to deployments where enterprises use SAML-based authentication on their security appliances.
"These providers include Okta, SecureAuth, SafeNet Trusted Access, Duo, Trusona via Azure AD, Azure AD and Centrify".
Having certificate verification disabled is another necessary precondition for an attack, but this too is commonplace in enterprise deployments.
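The two preconditions above (SAML in use, certificate verification disabled) describe a well-known class of signature-verification mistake: the assertion's signature is checked, but only against whatever signing key the message itself carries, instead of against the identity provider's configured certificate. The Go program below is an added illustration of that flaw class and of its fix; it is not PAN-OS code and does not reconstruct the advisory's internals. It assumes a deliberately simplified "assertion" (a subject string, an RSA signature over it, and the signer's public key embedded alongside, standing in for the certificate a real SAML response carries) and uses only Go's standard library.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assertion is a simplified stand-in for a signed SAML assertion (an assumption of
// this example): the subject being vouched for, a signature over it, and the public
// key the signer embedded, much as a real response carries its certificate inline.
type Assertion struct {
	Subject   string
	Signature []byte
	SignerKey *rsa.PublicKey
}

// signAssertion produces an assertion for subject, signed with key.
func signAssertion(key *rsa.PrivateKey, subject string) (Assertion, error) {
	digest := sha256.Sum256([]byte(subject))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{Subject: subject, Signature: sig, SignerKey: &key.PublicKey}, nil
}

// verifySignatureOnly models the weak configuration: the signature is checked, but
// only against the key the message itself supplies, so any key holder passes.
func verifySignatureOnly(a Assertion) error {
	if a.SignerKey == nil {
		return errors.New("assertion carries no signing key")
	}
	digest := sha256.Sum256([]byte(a.Subject))
	return rsa.VerifyPKCS1v15(a.SignerKey, crypto.SHA256, digest[:], a.Signature)
}

// verifyAgainstTrustedIdP is the hardened form: the signing key must be the one
// configured for the identity provider, and only then is the signature checked.
func verifyAgainstTrustedIdP(a Assertion, trustedIdP *rsa.PublicKey) error {
	if a.SignerKey == nil || !a.SignerKey.Equal(trustedIdP) {
		return errors.New("assertion signed by a key that is not the configured IdP key")
	}
	return verifySignatureOnly(a)
}

// Outcome records how each verifier treats a genuine and an untrusted assertion.
type Outcome struct {
	SignatureOnlyAcceptsUntrusted bool
	TrustedIdPAcceptsUntrusted    bool
	TrustedIdPAcceptsGenuine      bool
}

// RunScenario builds a constructed IdP key and a constructed unrelated key, signs the
// same subject with each, and runs both verifiers over the results.
func RunScenario() (Outcome, error) {
	idpKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	strangerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	genuine, err := signAssertion(idpKey, "alice@example.com")
	if err != nil {
		return Outcome{}, err
	}
	untrusted, err := signAssertion(strangerKey, "alice@example.com")
	if err != nil {
		return Outcome{}, err
	}
	return Outcome{
		SignatureOnlyAcceptsUntrusted: verifySignatureOnly(untrusted) == nil,
		TrustedIdPAcceptsUntrusted:    verifyAgainstTrustedIdP(untrusted, &idpKey.PublicKey) == nil,
		TrustedIdPAcceptsGenuine:      verifyAgainstTrustedIdP(genuine, &idpKey.PublicKey) == nil,
	}, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The point to take from the scenario is that a cryptographically valid signature says nothing about who signed; the defensive property comes from pinning the verifier to the identity provider's own certificate, which is exactly the check that the weak configuration switches off.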
US cyber officials are urging American companies and individuals who rely on a popular security product to update their systems immediately, before foreign hackers can exploit a flaw in the technology to steal protected information. No working proof-of-concept (PoC) code is publicly available for this vulnerability yet.
"Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML [Security Assertion Markup Language] is in use".
Cyber Command said in a tweet that advanced hacking groups "will likely attempt exploit soon".