Palo Alto issues critical fix for firewall OS


By Dylan Bushell-Embling
Friday, 03 July, 2020


Palo Alto issues critical fix for firewall OS

Palo Alto Networks has issued a critical security update warning of an Security Assertion Markup Language in PAN-OS, the software that runs all the company's next-generation firewalls.

The security flaw in the operating system's Security Assertion Markup Language (SAML) authentication was discovered by Salman Khan from the cyber risk and resilience team and Cameron Duck from the identity services team at Monash University.

According to Palo Alto, the vulnerability could potentially be exploited to bypass authentication and take full control of systems or gain access to victims' networks, the company has warned.

To exploit the vulnerability, an attacker would need to have network access to an unpatched server running vulnerable versions of the OS, which include all PAN-OS 9.1 versions earlier than PAN-OS 9.1.3, as well as all PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.

The flaw can also only be exploited if SAML is being used for authentication and an option to validate identity provider certificates is left unchecked.

Palo Alto added that it is not aware of any attempts to exploit the vulnerability in the wild.

But authorities including the US Cybersecurity and Infrastructure Security Agency have urged businesses running vulnerable versions of the firewalls to apply Palo Alto's security updates as soon as possible, warning that foreign APT groups will likely attempt to incorporate exploits into their arsenals soon.

If this cannot be done, the firewalls can be configured to either disable SAML for identification or enable validation of certificates. Unfortunately, reports suggest that a number of vendors require having the validation option disabled.

Image credit: ©stock.adobe.com/au/Kwarkot

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd