US Cyber Command Says Foreign Hackers Will Most Likely Exploit New Palo Alto Networks Security Bug – Expert Insight

US Cyber Command said today that foreign state-sponsored hacking groups are likely to exploit a major security bug disclosed today in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks.   

The CVE-2020-2021 vulnerability is one of those rare security bugs that received a 10 out of 10 score on the CVSSv3 severity scale. A 10/10 CVSSv3 score means the vulnerability is both easy to exploit, as it doesn't require advanced technical skills, and remotely exploitable via the internet, without requiring attackers to gain an initial foothold on the attacked device.

In short, the vulnerability is an authentication bypass that allows threat actors to access the device without needing to provide valid credentials. Once exploited, the bug allows hackers to change PAN-OS settings and features. This is scary because it could be used to disable firewalls or VPN access-control policies, effectively disabling the entire PAN-OS device. 


EXPERTS COMMENTS
Bryan Skene, CTO, Tempered
July 01, 2020
SAML has had its run, but it's time for a refresh.
This remote exploit is enabled by a very common setup on Palo Alto gear, namely bypassing identity provider certificate verification, and using SAML to interface with back-end authorization services. Half of the problem is the classic tradeoff that IT must make between security versus usability due to the difficulty in managing certificates. The other half of the problem is that ancient protocols ....