Critical Security Bug May Allow Attackers to Bypass Firewalls And Corporate VPN Products

A major security threat

• It was found that due to the improper verification of signatures, hackers may be able to exploit the Security Assertion Markup Language (SAML) authentication of the PAN-OS, and may gain access to “protected resources” within a network.
• The bug, tracked as CVE-2020-2021, is a rare security issue and has received a score of 10 out of 10 on the CVSSv3 scale, which reflects that it is technically easy to exploit, and also can be exploited remotely via the internet.
• The bug can be exploited only in a specific configuration when the 'Validate Identity Provider Certificate' option is disabled and SAML (Security Assertion Markup Language) is enabled. Unfortunately, this configuration is used by several authentication solutions from Centrify, Trusona, or Okta, which increases the risks of its exploitation.

Other recent threats

• In February, a vulnerability (tracked as CVE-2020-1975) was identified in the PAN-OS v8.1.11 and v9.0.5, which could allow a malicious user to inject arbitrary XML on the affected system.
• In December last year, a critical vulnerability (CVE-2019-17440) was identified in the PAN-OS 9.0.0 to 9.0.5, which could allow a malicious user to execute arbitrary codes to compromise the targeted system.

Solution