A critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication has been discovered.
On June 29, 2020, Palo Alto issued a security advisory for PAN-OS versions with SAML authentication enabled and the ‘Validate Identity Provider Certificate’ option disabled (unchecked). Improper verification of signatures in PAN-OS SAML authentication could allow an unauthenticated network-based attacker to access protected resources.
Mark Bell, EVP of operations at Digital Defense, Inc., a provider of vulnerability and threat management solutions, had this comment:
The fact that these devices are generally externally facing and the simplicity of exploiting the Palo Alto PAN-OS vulnerability significantly increases the threat exposure. Bad actors are probably already scanning the internet looking for vulnerable instances.
Here are some specific details about this issue. Affected versions of PAN-OS are:
- PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
- PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
- PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
- All versions of PAN-OS 8.0 (EOL)
This issue does not affect PAN-OS 7.1.
This issue cannot be exploited if SAML is not used for authentication.
This issue cannot be exploited if the ‘Validate Identity Provider Certificate’ option is enabled (checked) in the SAML Identity Provider Server Profile.
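The two conditions above (running an affected version, and a SAML IdP server profile with the certificate-validation box unchecked) are what an inventory review has to establish. The following is an added triage example written for this post, not code from Palo Alto Networks or Digital Defense: it encodes the affected-version table exactly as listed above and scans a PAN-OS configuration export for SAML IdP profiles that have 'Validate Identity Provider Certificate' disabled. The XML path and element name used for that flag are an assumption about the config export format, as is the sample configuration, which is constructed here.

```python
"""Triage PAN-OS devices against the SAML authentication bypass advisory.

Added example, not vendor code. Version thresholds come from the advisory text;
the config XML path for the SAML IdP profile is an ASSUMPTION and should be
checked against a real export before relying on it.
"""
import re
import xml.etree.ElementTree as ET

# A branch is affected when the running version is earlier than the listed fix.
FIXED_VERSIONS = {
    (9, 1): (9, 1, 3),
    (9, 0): (9, 0, 9),
    (8, 1): (8, 1, 15),
}
EOL_BRANCHES = {(8, 0)}        # all 8.0 releases affected, no fix available
UNAFFECTED_BRANCHES = {(7, 1)}  # advisory states 7.1 is not affected


def parse_version(text):
    """Turn '9.0.9' or '9.0.9-h1' into (major, minor, patch); hotfix suffix ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def version_status(version_text):
    """Classify a version as 'vulnerable', 'fixed', 'eol', 'unaffected' or 'unknown'."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in UNAFFECTED_BRANCHES:
        return "unaffected"
    if branch in EOL_BRANCHES:
        return "eol"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return "unknown"  # branch not named in the advisory; do not assume safe
    return "vulnerable" if v < fixed else "fixed"


def saml_profiles_without_cert_validation(config_xml):
    """Names of SAML IdP server profiles whose IdP certificate validation is off.

    ASSUMED layout: .../server-profile/saml-idp/entry[@name] containing a
    <validate-idp-certificate>yes|no</validate-idp-certificate> child. A missing
    element is treated as 'no' (the unsafe default for triage purposes).
    """
    root = ET.fromstring(config_xml)
    weak = []
    for entry in root.iterfind(".//server-profile/saml-idp/entry"):
        flag = entry.findtext("validate-idp-certificate", default="no").strip().lower()
        if flag != "yes":
            weak.append(entry.get("name"))
    return weak


def triage(version_text, config_xml):
    """Combine both conditions into one verdict plus the offending profile names."""
    status = version_status(version_text)
    weak = saml_profiles_without_cert_validation(config_xml)
    if status in ("vulnerable", "eol") and weak:
        return ("exploitable-configuration", weak)
    if status in ("vulnerable", "eol"):
        return ("upgrade-needed", [])
    return (status, weak)


# Constructed sample export: one profile with validation unchecked, one with it checked.
SAMPLE_CONFIG = """<config version="9.0.0">
  <shared>
    <server-profile>
      <saml-idp>
        <entry name="corp-idp">
          <validate-idp-certificate>no</validate-idp-certificate>
        </entry>
        <entry name="partner-idp">
          <validate-idp-certificate>yes</validate-idp-certificate>
        </entry>
      </saml-idp>
    </server-profile>
  </shared>
</config>"""

if __name__ == "__main__":
    for ver in ("9.0.8", "9.0.9-h1", "8.0.20", "7.1.26"):
        print(ver, triage(ver, SAMPLE_CONFIG))
```

The verdict deliberately stays "exploitable-configuration" even for an EOL 8.0 box, since no patch exists there and the only remediation is upgrading or enabling certificate validation; a "fixed" verdict still returns the weak profile names so the unchecked box can be corrected rather than left behind.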
Palo Alto Networks provided a patch for this vulnerability and indicated they are not aware of any malicious attempts to exploit this vulnerability at this time.
The Digital Defense Vulnerability Research Team is developing checks for the condition for its Frontline.Cloud vulnerability management solution as more information is made available.
This entry was posted on July 7, 2020 at 12:24 pm and is filed under Commentary with tags Digital Defense. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.