Palo Alto Networks officially issued a risk notification for a vulnerability that bypasses the SAML authentication mechanism. The vulnerability number is CVE-2020-2021, and the vulnerability level is high risk.
This issue is applicable only where SAML authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked) in the SAML Identity Provider Server Profile.
This issue cannot be exploited if SAML is not used for authentication.
This issue cannot be exploited if the ‘Validate Identity Provider Certificate’ option is enabled in the SAML Identity Provider Server Profile.
“In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal, or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0.”
Affected versions:
- PAN-OS 9.1: <9.1.3
- PAN-OS 9.0: <9.0.9
- PAN-OS 8.1: <8.1.15
- PAN-OS 8.*

Fixed versions:
- PAN-OS >=9.1.3
- PAN-OS >=9.0.9
- PAN-OS >=8.1.15
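The two preconditions stated above (an unfixed release, plus a SAML IdP server profile with 'Validate Identity Provider Certificate' disabled) can be checked together against an exported configuration. The following is an added audit example, not code from Palo Alto Networks or from the advisory; the XML element names (`saml-idp`, `validate-idp-certificate`) and the sample config are assumptions modelled on the option name and must be adjusted to a real running-config export.

```python
import re
import xml.etree.ElementTree as ET

# Fixed releases from the advisory; a version below its train's entry is affected.
FIXED = {(9, 1): (9, 1, 3), (9, 0): (9, 0, 9), (8, 1): (8, 1, 15)}

def parse_version(text):
    """'9.0.9-h1' -> (9, 0, 9); a hotfix suffix does not change the comparison."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(x) for x in m.groups())

def version_is_affected(text):
    """True when the release predates the fix for its train; 8.* with no fix counts."""
    v = parse_version(text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return v[0] == 8  # e.g. 8.0.x: listed as affected, no fixed release given
    return v < fixed

def unsafe_saml_profiles(config_xml):
    """Names of SAML IdP server profiles whose 'Validate Identity Provider Certificate'
    option is not 'yes'. Element names are assumed, modelled on the option's name."""
    root = ET.fromstring(config_xml)
    return [e.get("name") for e in root.findall(".//saml-idp/entry")
            if e.findtext("validate-idp-certificate", "").strip().lower() != "yes"]

def assess(version, config_xml):
    """(exposed, detail): exposed only if BOTH advisory conditions hold."""
    profiles = unsafe_saml_profiles(config_xml)
    if not version_is_affected(version):
        return False, "fixed release"
    if not profiles:
        return False, "all SAML IdP profiles validate the IdP certificate"
    return True, "unpatched release; validation disabled on: " + ", ".join(profiles)

# Constructed sample config: one profile with the option unchecked, one with it enabled.
SAMPLE_CONFIG = """<config><shared><server-profile><saml-idp>
  <entry name="idp-a"><validate-idp-certificate>no</validate-idp-certificate></entry>
  <entry name="idp-b"><validate-idp-certificate>yes</validate-idp-certificate></entry>
</saml-idp></server-profile></shared></config>"""

if __name__ == "__main__":
    for ver in ("9.0.8", "9.0.9-h1", "8.0.21"):
        print(ver, assess(ver, SAMPLE_CONFIG))
```

A deployment that does not use SAML for authentication at all has no `saml-idp` entries and is reported as not exposed regardless of version, matching the advisory's scope.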
We recommend that users install the latest patches promptly to avoid compromise.