


This issue cannot be exploited if SAML is not used for authentication. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 8.0 (EOL). The attacker must have network access to the vulnerable server to exploit this vulnerability.

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources.
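
The version ranges and configuration preconditions above can be applied to a device inventory as a triage check. The following is an added example, not vendor code; the record keys (`version`, `saml_enabled`, `validate_idp_cert`), the status strings and the sample devices are assumptions constructed for illustration.

```python
import re

# Thresholds taken from the advisory text: branch -> first fixed maintenance release.
FIXED = {(9, 1): 3, (9, 0): 9, (8, 1): 15}
ALL_AFFECTED = {(8, 0)}  # EOL branch, every version affected

def parse_version(text):
    """'8.1.14-h2' -> (8, 1, 14); a hotfix suffix never reaches the next maintenance release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) for g in m.groups())

def version_affected(text):
    """True/False for branches the advisory names, None for any other branch."""
    major, minor, maint = parse_version(text)
    if (major, minor) in ALL_AFFECTED:
        return True
    if (major, minor) in FIXED:
        return maint < FIXED[(major, minor)]
    return None

def triage(device):
    """Classify one inventory record (hypothetical keys, see lead-in)."""
    affected = version_affected(device["version"])
    if affected is None:
        return "unknown-branch"
    if not affected:
        return "fixed"
    # Both preconditions from the advisory must hold for the issue to be reachable.
    if device["saml_enabled"] and not device["validate_idp_cert"]:
        return "exposed"
    return "affected-version-preconditions-not-met"

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "fw-a", "version": "9.1.2", "saml_enabled": True, "validate_idp_cert": False},
    {"name": "fw-b", "version": "9.0.9-h1", "saml_enabled": True, "validate_idp_cert": False},
    {"name": "fw-c", "version": "8.1.14-h2", "saml_enabled": True, "validate_idp_cert": True},
    {"name": "fw-d", "version": "8.0.20", "saml_enabled": False, "validate_idp_cert": False},
]

def report(inventory=INVENTORY):
    return {d["name"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name}: {status}")
```

Devices reported as `affected-version-preconditions-not-met` still run an affected release and become exposed if the configuration changes.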
