HC3 Sector Alert TLP White: CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication, June 30, 2020

On June 29, 2020, Palo Alto Networks announced a vulnerability (CVE-2020-2021) affecting their PAN-OS firewall software. The vulnerability has a 10/10 CVSSv3 score which “means the vulnerability is both easy to exploit as it doesn't require advanced technical skills, and it's remotely exploitable via the internet, without requiring attackers to gain an initial foothold on the attacked device.” Also on June 29, USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) tweeted that they expected “Foreign APTs will likely attempt exploit soon.

Key Resources

Related Resources

Letter/Comment
AHA Responds to CISA Proposed Rule on Cyber Incident Reporting Requirements
Public
Advisory
HHS Issues Alert on Critical Vulnerability in ‘MOVEit,’ File Transfer Platform Used by Health Care Sector
Public
Special Bulletin
AHA Helps Secure New Cybersecurity Resources from Microsoft and Google to Assist Rural Hospitals
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Two
Public
Special Bulletin
HHS Authorizes UnitedHealth Group to Make Breach Notifications on Behalf of Providers
Member
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part One
Public