Palo Alto has published a security advisory to address a Security Assertion Markup Language (SAML) authentication vulnerability in PAN-OS. When an affected system has SAML authentication enabled and the "Validate Identity Provider Certificate" option disabled, an unauthenticated attacker with network access to the affected system may exploit the improper verification of signatures in PAN-OS SAML authentication.
Please note that PAN-OS 8.0 reached its End-of-Life (EOL) on 31.10.2019. No security updates will be provided after that date. Users should arrange to upgrade PAN-OS to a supported version or migrate to other supported technology.
Depending on the configured authentication and Security policies, an attacker may gain unauthorised access to protected resources of an affected system.
Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
System administrators should contact their product support vendors for the fixes and assistance.
https://security.paloaltonetworks.com/CVE-2020-2021
https://www.us-cert.gov/ncas/current-activity/2020/06/29/palo-alto-releases-security-updates-pan-os
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2021