Foreign hackers backed by a well-resourced government are likely to exploit a critical vulnerability in a host and VPN and firewall products sold by Palo Alto Networks, officials in the US federal government warned on Tuesday.
In worst-case scenarios, the security vendor said in a post, the flaw allows unauthorized people to log in to networks as administrators. With those privileges, attackers could install software of their choice or carry out other malicious actions that have serious consequences. The vulnerability, tracked as CVE-2020-2021, can be exploited when an authentication mechanism known as Security Assertion Markup Language is used to validate that users gave the proper permission to access a network. Attackers must also have Internet access to an affected server.
Shortly after Palo Alto Networks issued the advisory, the official Twitter account for the US Cybersecurity and Infrastructure Security Agency warned that the vulnerability is likely to be exploited in the wild by APTs, short for advanced persistent threats. APT is the term many researchers use for sophisticated hacker groups that attempt to breach select targets of interest over extended periods of time.