Nov 11 – Any security vendor recognizes that their products must work as promised and be free from vulnerabilities that can be used in attacks. While development teams exercise care and caution in the development process, bugs do happen: somewhere between 15 and 50 of them in the average 1,000 lines of code.
Recently, cyber security researchers discovered a vulnerability in Palo Alto Inc’s GlobalProtect Clientless VPN that occurs during SAML authentication. The vulnerability has been labeled “high severity”; as many as 10,000 organizations are using these potentially compromised firewalls.
This zero-day is being tracked as CVE-2021-3064 and has received a CVSS rating of 9.8 out of 10. The bug permits unauthenticated RCE on multiple versions of PAN-OS 8.1 prior to 8.1.17, in physical and virtual firewalls alike.
Attackers able to exploit this vulnerability can potentially gain a shell on the targeted system, retrieve sensitive configuration data, extract credentials and more. Once in the system, hackers can easily make incremental lateral movements across a network. Organizations that could experience this issue may want to start thinking about vulnerability management best practices.
“This is yet another alarming example of critical vulnerability across the core platform,” says Check Point security architect, Greg Pepper.
Organizations should take care to choose security vendors wisely. In addition, CISOs may want to ensure that security redundancies are built into security systems. “Security is not a 100% business. However, small differences in preventative capabilities create a huge downstream impact,” says Check Point VP of Engineering, Jeff Schwartz.
To see how the major security vendors compare against each other, visit checkpoint.com/comparison