CVE-2020-2002

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions prior to 7.1.26 Palo Alto Networks PAN-OS versions prior to 8.0.21 Palo Alto Networks PAN-OS versions prior to 8.1.13 Palo Alto Networks PAN-OS versions prior to 9.0.6

Description An authentication bypass by spoofing issue exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS. This occurs due to the failure to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users, affecting all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator.

Recommendations For versions prior to 7.1.26, update to version 7.1.26 or later. For versions prior to 8.0.21, update to version 8.0.21 or later. For versions prior to 8.1.13, update to version 8.1.13 or later. For versions prior to 9.0.6, update to version 9.0.6 or later.