The impact of this issue is rated high to critical. Please take the actions stated below to rectify it.
What you need to know:
An authentication-bypass vulnerability in Palo Alto products allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.
Users of Palo Alto products remain vulnerable to attack until the vulnerability is patched.
CISA doesn’t typically issue a warning on just any security flaw in vendors’ enterprise products. However, the agency’s cause for concern seems to be that the vulnerability has been given the highest score on the CVSSv3 severity scale: 10 out of 10.
Actions to be taken:
Patch Palo Alto firewalls.
What is the impact of not doing the actions?
The vulnerability allows authentication bypass, so threat actors can access the device without providing any credentials. However, according to researchers, hackers can exploit the flaw only when SAML authentication is enabled and the “Validate Identity Provider Certificate” option is disabled (unchecked).
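One way to check an exported firewall configuration for the condition described above, as an added example that is not the vendor's or this advisory's own code. The XML layout and element names (server-profile/saml-idp, validate-idp-certificate, authentication-profile) are assumptions about the export format, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported configuration. The element names are an
# assumed layout, not taken from the advisory; adjust them to your export.
SAMPLE_CONFIG = """
<config><shared>
  <server-profile><saml-idp>
    <entry name="idp-corp"><validate-idp-certificate>no</validate-idp-certificate></entry>
    <entry name="idp-lab"><validate-idp-certificate>yes</validate-idp-certificate></entry>
    <entry name="idp-unused"><validate-idp-certificate>no</validate-idp-certificate></entry>
  </saml-idp></server-profile>
  <authentication-profile>
    <entry name="vpn-users"><method><saml-idp><server-profile>idp-corp</server-profile></saml-idp></method></entry>
    <entry name="admins"><method><saml-idp><server-profile>idp-lab</server-profile></saml-idp></method></entry>
  </authentication-profile>
</shared></config>
"""

def audit_saml(config_xml):
    """Return one finding per SAML IdP profile whose certificate validation is not enabled."""
    root = ET.fromstring(config_xml)
    # Map each IdP profile name to the authentication profiles that reference it,
    # i.e. the places where SAML authentication is actually in use.
    used_by = {}
    for auth in root.iter("authentication-profile"):
        for entry in auth.findall("entry"):
            ref = entry.findtext("method/saml-idp/server-profile")
            if ref:
                used_by.setdefault(ref.strip(), []).append(entry.get("name"))
    findings = []
    for idp in root.findall(".//server-profile/saml-idp/entry"):
        value = (idp.findtext("validate-idp-certificate") or "").strip().lower()
        if value != "yes":  # a missing element is reported too, for manual review
            name = idp.get("name")
            users = sorted(used_by.get(name, []))
            findings.append({"idp_profile": name, "setting": value or "absent",
                             "used_by": users, "exposed": bool(users)})
    return findings

if __name__ == "__main__":
    for finding in audit_saml(SAMPLE_CONFIG):
        print(finding)
```

A finding with "exposed" set to True meets both conditions named above (SAML in use, validation disabled); patching remains the required action either way.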