SB2020111223 - Authenticatoin bypass in Pan-OS GlobalProtect SSL VPN

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020111223

SB2020111223 - Authenticatoin bypass in Pan-OS GlobalProtect SSL VPN

Published: November 12, 2020

Security Bulletin ID SB2020111223
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Authentication (CVE-ID: CVE-2020-2050)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication.

Impacted features that use SSL VPN with client certificate verification are:

GlobalProtect Gateway
GlobalProtect Portal
GlobalProtect Clientless VPN

In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue.


Remediation

Install update from vendor's website.

References