Palo Alto Networks PAN-OS 8.0.x < 8.1.15 / 8.1.x < 8.1.15 / 9.0.x < 9.0.9 / 9.1.x < 9.1.3 Authentication Bypass in SAML Authentication (CVE-2020-2021)
critical Nessus Plugin ID 137880
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote PAN-OS host is affected by an authentication bypass vulnerability.Description
The version of Palo Alto Networks PAN-OS running on the remote host is 8.0.x prior to 8.1.15 or 8.1.x prior to 8.1.15 or 9.0.x prior to 9.0.9 or 9.1.x prior to 9.1.3. It is, therefore, affected by a SAML authentication bypass vulnerability.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PAN-OS 8.1.15 / 8.1.15 / 9.0.9 / 9.1.3 or laterSee Also
Plugin Details
Severity: Critical
ID: 137880
File Name: palo_alto_CVE-2020-2021.nasl
Version: 1.6
Type: combined
Family: Palo Alto Local Security Checks
Published: 6/29/2020
Updated: 10/13/2020
Dependencies: palo_alto_version.nbin
Risk Information
CVSS Score Source: CVE-2020-2021
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:U/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:paloaltonetworks:pan-os
Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version, Host/Palo_Alto/Firewall/Source
Exploit Ease: No known exploits are available
Patch Publication Date: 6/29/2020
Vulnerability Publication Date: 6/29/2020
Reference Information
CVE: CVE-2020-2021
IAVA: 2020-A-0282-S
CWE: 347