Unrated severityNVD Advisory· Published May 13, 2020· Updated Sep 16, 2024
PAN-OS: Improper SAML SSO authorization of shared local users
CVE-2020-1998
Description
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27.1 < 7.1.26; 8.1 < 8.1.13; 9.0 < 9.0.6; 9.1 < 9.1.1; 8.0 all versions+ 1 more
- (no CPE)range: 7.1 < 7.1.26; 8.1 < 8.1.13; 9.0 < 9.0.6; 9.1 < 9.1.1; 8.0 all versions
- (no CPE)range: 8.0.*
Patches
Vulnerability mechanics
References
1- security.paloaltonetworks.com/CVE-2020-1998mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.