
CVE-2020-2021



When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.

This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1.

This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile.

Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access.

In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability....
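The exposure conditions above (affected release train, SAML in use, certificate validation unchecked) can be turned into an inventory triage check. This is an added example, not code from the advisory or the vendor; the inventory records, field names and the `-hN` hotfix suffix handling are assumptions for illustration.

```python
import re

# Version boundaries copied from the advisory text above.
FIRST_FIXED = {(9, 1): 3, (9, 0): 9, (8, 1): 15}  # train -> first fixed maintenance release
ALL_RELEASES_AFFECTED = {(8, 0)}                  # EOL train, every release affected
NOT_AFFECTED_TRAINS = {(7, 1)}

def version_state(version):
    """Return 'affected', 'not_affected' or 'unlisted' for a PAN-OS version string."""
    # Assumption: versions look like '9.0.8' or '9.0.8-h1'. The hotfix suffix is
    # ignored, since a hotfix of an earlier maintenance release is still earlier.
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint = map(int, m.groups())
    train = (major, minor)
    if train in ALL_RELEASES_AFFECTED:
        return "affected"
    if train in NOT_AFFECTED_TRAINS:
        return "not_affected"
    if train in FIRST_FIXED:
        return "affected" if maint < FIRST_FIXED[train] else "not_affected"
    return "unlisted"  # train not mentioned in the advisory text; check the vendor

def classify(device):
    """Combine version state with the two configuration preconditions."""
    state = version_state(device["version"])
    if state != "affected":
        return state
    if not device["saml_enabled"]:
        return "affected_version_saml_unused"
    if device["validate_idp_cert"]:
        return "affected_version_cert_validated"
    return "exposed"  # affected release, SAML on, IdP certificate validation off

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"name": "fw-edge-01", "version": "9.1.2-h1", "saml_enabled": True, "validate_idp_cert": False},
    {"name": "fw-edge-02", "version": "9.1.3", "saml_enabled": True, "validate_idp_cert": False},
    {"name": "gp-portal", "version": "9.0.8", "saml_enabled": True, "validate_idp_cert": True},
    {"name": "panorama", "version": "8.1.14", "saml_enabled": False, "validate_idp_cert": False},
    {"name": "lab-old", "version": "8.0.20", "saml_enabled": True, "validate_idp_cert": False},
    {"name": "legacy", "version": "7.1.26", "saml_enabled": True, "validate_idp_cert": False},
]

def triage(inventory):
    return {d["name"]: classify(d) for d in inventory}

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name:12} {status}")
```

Devices reported as `affected_version_*` are protected only by configuration and still need the upgrade, because re-enabling SAML or unchecking the validation option would expose them.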




https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2021
