Palo Alto Networks has disclosed a critical security flaw in PAN-OS, the operating system that runs its firewalls and enterprise VPN appliances. The vulnerability, tracked as CVE-2020-2021, received a rating of 10/10 on the CVSSv3 severity scale, which means it is easy to exploit and does not require advanced technical skills on the attacker's part. It is also remotely exploitable over the Internet, so attackers do not need a foothold in the network to exploit it. CVE-2020-2021 is an authentication bypass that allows threat actors to access the device without providing valid credentials. Once it is exploited, attackers can change PAN-OS settings and features, and the bug could allow a threat actor to disable firewalls or VPN access-control policies. On Monday (June 29th), US Cyber Command warned all companies using Palo Alto Networks devices to update as soon as possible, because Advanced Persistent Threat (APT) actors would soon be attempting to exploit this vulnerability.