Palo Alto Networks PAN-OS Vulnerable to Authentication Bypass (CVE-2020-2021)
Palo Alto Networks published an advisory for a critical flaw in PAN-OS, the custom operating system used in their next-generation firewalls. The vendor assigned a CVSSv3.1 score of 10.0, the highest possible score.
The vulnerability, identified as CVE-2020-2021, is an authentication bypass vulnerability in the Security Assertion Markup Language (SAML) authentication in PAN-OS. Under certain configurations, an attacker could exploit the flaw to gain access to “protected resources.” Despite the prerequisite, these configurations appear to be commonly recommended by identity providers.
For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.