Using Palo Alto? Take this advice seriously…
US Cyber Command said today that foreign state-sponsored hacking groups are likely to exploit a major security bug disclosed today in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks.
“Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use,” US Cyber Command said in a tweet today.
“Foreign APTs will likely attempt [to] exploit soon,” the agency added, referring to APT (advanced persistent threat), a term used by the cyber-security industry to describe nation-state hacker groups.
CVE-2020-2021 – A RARE 10/10 VULNERABILITY
US Cyber Command officials are right to be panicked. The CVE-2020-2021 vulnerability is one of those rare security bugs that received a 10 out of 10 score on the CVSSv3 severity scale.
A 10/10 CVSSv3 score means the vulnerability is both easy to exploit, as it doesn’t require advanced technical skills, and remotely exploitable via the internet, without requiring attackers to gain an initial foothold on the attacked device.
In technical terms, the vulnerability is an authentication bypass that allows threat actors to access the device without needing to provide valid credentials.
Once exploited, the bug allows hackers to change PAN-OS settings and features. While changing OS features may seem innocuous and of little consequence, the bug is actually a major issue because it could be used to disable firewalls or VPN access-control policies, effectively disabling the PAN-OS device entirely.