Specialists from a pentesting course have reported a critical flaw in PAN-OS, the operating system that runs on multiple Palo Alto Networks products. According to the report, exploiting this flaw would allow threat actors to evade security controls on the affected products.
Below are some details of the reported flaw, along with its Common Vulnerability Scoring System (CVSS) score and CVE identifier.
CVE-2020-2035: When SSL/TLS Forward Proxy Decryption mode is configured to decrypt web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement in decrypted HTTPS web transactions, but does not parse the Server Name Indication (SNI) field within the TLS Client Hello handshake, which would allow malicious hackers to bypass the security restrictions in place.
According to the pentesting course specialists, the flaw allows a compromised host on a protected network to dodge any security policy that uses URL filtering on a firewall configured with SSL Decryption in Forward Proxy mode.
This is a medium-severity vulnerability that received a CVSS score of 5.4/10.
The following are the versions of Palo Alto PAN-OS affected by this flaw: 8.1, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.4-h2, 8.1.5, 8.1.6, 126.96.36.199, 8.1.7, 8.1.8, 8.1.8-h4, 8.1.8-h5, 8.1.9, 8.1.9-h4, 188.8.131.52, 8.1.12, 8.1.13, 8.1.14, 8.1.15, 9.0, 9.0.0, 9.0.1, 9.0.2, 9.0.2-h4, 9.0.3, 9.0.3-h2, 9.0.3-h3, 9.0.4, 9.0.5, 9.0.5-h3, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.1, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0, 10.0.
While the flaw could be exploited by unauthenticated remote threat actors, pentesting course specialists have not detected attempts at active exploitation. It is important to remember that the vulnerability has not yet been fixed, so users should watch for any new Palo Alto notice related to the flaw.