An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://security.paloaltonetworks.com/CVE-2020-1998 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: palo_alto
Published: 2020-05-13T19:07:14.059174Z
Updated: 2024-09-16T23:56:06.792Z
Reserved: 2019-12-04T00:00:00
Link: CVE-2020-1998
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-05-13T19:15:12.800
Modified: 2024-11-21T05:11:49.027
Link: CVE-2020-1998
Redhat
No data.