⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-04-15.

CVE-2020-2021: Improper Verification of Cryptographic Signature in Palo Alto Networks PAN-OS

Severity: 10.0 CRITICAL (NVD)
EPSS: 19.0% (top 4.68%)
CISA KEV: KEV, Ransomware; added 2022-03-25; due 2022-04-15
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Jun 29; KEV added Mar 25; KEV due Apr 15; Latest update May 24
CISA Required Action: Apply updates per vendor instructions.

Description

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages (3 packages)

Source | Package | Versions
NVD | paloaltonetworks/pan-os | 8.1.0, 8.1.15 (+3 more)
CVEListV5 | palo_alto_networks/pan-os | 8.1, 8.1.15 (+3 more)
Palo Alto | paloalto/pan-os |

🔴 Vulnerability Details (3)

GHSA: GHSA-84wc-9427-hw23: When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecke (2022-05-24)
CVEList: PAN-OS: Authentication Bypass in SAML Authentication (2020-06-29)
VulnCheck: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (2020)

💥 Exploits & PoCs (3)

Exploit-DB: qdPM 9.1 - Remote Code Execution (Authenticated) (2021-08-04)
Exploit-DB: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated) (2021-06-08)
Nuclei: Canon Devices - Authentication Bypass in Catwalk Server

📋 Vendor Advisories (14)

CISA: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (2022-03-25)
Oracle: Oracle Communications Risk Matrix: Realtime db (Perl) — CVE-2020-10543 (2021-10-15)
Oracle: Oracle Retail Applications Risk Matrix: Segment (Google Guava) — CVE-2020-8908 (2021-10-15)
Oracle: Oracle Commerce Risk Matrix: Dynamo Application Framework (Coherence) — CVE-2020-2555 (2021-07-15)
Oracle: Oracle PeopleSoft Risk Matrix: File Processing (cURL) — CVE-2020-8286 (2021-04-15)

🕵️ Threat Intelligence (1)

Trendmicro: Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising (2021-08-09)

💬 Community (2)

Bugzilla: CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution (2020-10-12)
Bugzilla: CVE-2020-13920 activemq: improper authentication allows MITM attack (2020-09-17)
CVE-2020-2021 — Palo Alto Networks Pan-os vulnerability | cvebase