CVE-2020-2050

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Publication date: Thu, 12 Nov 2020 06:15:00 +0000

Cyber News related to CVE-2020-2050

CVE-2021-37851 - Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 ...
2 years ago

CVE-2020-1246 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1266 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1262 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1275 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1264 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1276 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1274 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1237 - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, ...
3 years ago

CVE-2020-1307 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1273 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1316 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1269 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
2 years ago

CVE-2020-0986 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, ...
2 years ago

CVE-2020-0632 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0626 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0631 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0629 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0768 - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, ...
3 years ago

CVE-2020-0633 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0614 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, ...
3 years ago

CVE-2020-0848 - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, ...
3 years ago

CVE-2020-0833 - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, ...
3 years ago

CVE-2020-0625 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0829 - A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, ...
3 years ago

Latest Cyber News

Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems - 24 minutes ago
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API - 52 minutes ago
Have I Been Pwned likely to Ban Resellers - 1 hour ago
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS - 2 hours ago
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource - 2 hours ago
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques - 2 hours ago
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications - 3 hours ago
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 4 hours ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 6 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 7 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 8 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 9 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 9 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 12 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 12 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 12 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 13 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 13 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 15 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 15 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems - 24 minutes ago
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API - 52 minutes ago
Have I Been Pwned likely to Ban Resellers - 1 hour ago
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS - 2 hours ago
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource - 2 hours ago
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques - 2 hours ago
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications - 3 hours ago
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 4 hours ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 6 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 7 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 8 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 9 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 9 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 12 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 12 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 12 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 13 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 13 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 16 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 18 hours ago