CVE-2021-3046: 
PAN-OS vulnerability analysis and mitigation

An improper authentication vulnerability (CVE-2021-3046) was discovered in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when configured to use SAML authentication. The vulnerability affects multiple PAN-OS versions including 8.1 versions earlier than 8.1.19, 9.0 versions earlier than 9.0.14, 9.1 versions earlier than 9.1.9, and 10.0 versions earlier than 10.0.5, while PAN-OS 10.1 versions are not impacted. The vulnerability was disclosed on August 11, 2021 (Palo Alto Advisory).

The vulnerability is classified as CWE-287 (Improper Authentication) with a CVSS v3.1 Base Score of 6.8 (Medium) severity. The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility, high attack complexity, low privileges required, no user interaction needed, unchanged scope, and high impact on confidentiality and integrity but no impact on availability (Palo Alto Advisory, NVD).

If exploited, this vulnerability allows an attacker with SAML authentication to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway. This could lead to unauthorized access and potential compromise of system security (Palo Alto Advisory).

The vulnerability has been fixed in PAN-OS versions 8.1.19, 9.0.14, 9.1.9, 10.0.5, and all later versions. As a workaround, administrators can disable SAML authentication for any impacted GlobalProtect portal or gateway until upgrading to a fixed version (Palo Alto Advisory).