Palo Alto issues critical fix for firewall OS


By Dylan Bushell-Embling
Friday, 03 July, 2020



Palo Alto Networks has issued a critical security update warning of a flaw in the Security Assertion Markup Language (SAML) authentication in PAN-OS, the software that runs all the company's next-generation firewalls.

The security flaw in the operating system's Security Assertion Markup Language (SAML) authentication was discovered by Salman Khan from the cyber risk and resilience team and Cameron Duck from the identity services team at Monash University.

Palo Alto has warned that the vulnerability could potentially be exploited to bypass authentication and take full control of systems or gain access to victims' networks.

To exploit the vulnerability, an attacker would need to have network access to an unpatched server running vulnerable versions of the OS, which include all PAN-OS 9.1 versions earlier than PAN-OS 9.1.3, as well as all PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.

The flaw can also only be exploited if SAML is being used for authentication and an option to validate identity provider certificates is left unchecked.

Palo Alto added that it is not aware of any attempts to exploit the vulnerability in the wild.

But authorities including the US Cybersecurity and Infrastructure Security Agency have urged businesses running vulnerable versions of the firewalls to apply Palo Alto's security updates as soon as possible, warning that foreign APT groups will likely attempt to incorporate exploits into their arsenals soon.

If this cannot be done, the firewalls can be configured to either disable SAML for identification or enable validation of certificates. Unfortunately, reports suggest that a number of vendors require having the validation option disabled.
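The exposure conditions above can be applied to a firewall inventory to decide which devices need attention first. The following is an added example, not code from the article or from Palo Alto: the record fields (`hostname`, `version`, `saml_enabled`, `validate_idp_cert`) and the inventory are hypothetical, and only the two release branches named in the article are evaluated.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(9, 1): (9, 1, 3), (9, 0): (9, 0, 9)}

def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Z-hN' into three ints (hotfix suffix ignored)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(device):
    """Return (status, reason) for one inventory record (hypothetical schema)."""
    try:
        version = parse_version(device["version"])
    except ValueError as exc:
        return "review", str(exc)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The article says the affected releases "include" 9.1 and 9.0,
        # so an unlisted branch is not assumed to be safe.
        return "review", "branch not listed in the article; check the advisory"
    if version >= fixed:
        return "patched", "at or above " + ".".join(map(str, fixed))
    # Unknown settings are treated as the worst case.
    if not device.get("saml_enabled", True):
        return "upgrade", "vulnerable release, SAML not in use"
    if device.get("validate_idp_cert", False):
        return "upgrade", "vulnerable release, IdP certificate is validated"
    return "exposed", "vulnerable release, SAML in use, IdP certificate not validated"

# Constructed inventory for illustration only.
INVENTORY = [
    {"hostname": "fw-edge-1", "version": "9.1.2", "saml_enabled": True, "validate_idp_cert": False},
    {"hostname": "fw-edge-2", "version": "9.0.8-h2", "saml_enabled": True, "validate_idp_cert": True},
    {"hostname": "fw-core-1", "version": "9.1.3-h1", "saml_enabled": True, "validate_idp_cert": False},
    {"hostname": "fw-lab-1", "version": "9.0.4", "saml_enabled": False},
    {"hostname": "fw-old-1", "version": "8.1.10", "saml_enabled": True, "validate_idp_cert": False},
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {d["hostname"]: triage(d)[0] for d in inventory}

if __name__ == "__main__":
    for d in INVENTORY:
        status, reason = triage(d)
        print(f"{d['hostname']:10} {d['version']:10} {status:8} {reason}")
```

Devices reported as `exposed` meet every condition the article lists; `upgrade` devices run a vulnerable release but are not currently exploitable under those conditions, and `review` devices need to be checked against the vendor advisory.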


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd