[월:] 2020년 06월

CVE-2020-2021

Posted on by admin

CVE-2020-2021

When Security Assertion Markup Language (SAML) authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.

This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1.

This issue cannot be exploited if SAML is not used for authentication.

This issue cannot be exploited if the ‘Validate Identity Provider Certificate’ option is enabled (checked) in the SAML Identity Provider Server Profile.

Resources that can be protected by SAML-based single sign-on (SSO) authentication are:
GlobalProtect Gateway,
GlobalProtect Portal,
GlobalProtect Clientless VPN,
Authentication and Captive Portal,
PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces,
Prisma Access

In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.

Source: CVE-2020-2021

CVE-2020-8573

Posted on by admin

CVE-2020-8573

The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 the H610S BMC account password is reset to the default documented value which allows remote attackers to cause a Denial of Service (DoS).

Source: CVE-2020-8573

CVE-2020-4557

Posted on by admin

CVE-2020-4557

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.

Source: CVE-2020-4557