Palo Alto Networks is offering a patch for a very critical vulnerability that was recently detected. The vulnerability, referenced as CVE-2020-2021, is a bypass that potentially allows remote attackers to gain access to and control over devices, including firewalls and VPN appliances. Attackers could adjust the settings on the devices, change policies, including access policies, or change the configurations to turn the devices off. Version 7.1 is not impacted by this vulnerability. The versions that are at risk include PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 8.0 (EOL).
Palo Alto Networks has rated this vulnerability a 10, the most critical rating. The US Cyber Command has also labeled this vulnerability as critical and believes that global APTs could exploit it soon. For more details and admin instructions, please review https://security.paloaltonetworks.com/CVE-2020-2021.
Palo Alto Networks has stated that this vulnerability is not currently being exploited in attacks. Our recommendation is to apply the security updates immediately.