CVE-2020-1997

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions 7.1 earlier than 7.1.26 Palo Alto Networks PAN-OS versions 8.0 earlier than 8.0.14

Description An open redirection vulnerability in the GlobalProtect component allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates, it will cause them to access an unexpected and potentially malicious website.

Recommendations For PAN-OS 7.1 versions earlier than 7.1.26, update to version 7.1.26 or later. For PAN-OS 8.0 versions earlier than 8.0.14, update to version 8.0.14 or later.