Palo Alto Networks disclosed a critical vulnerability in PAN-OS, the operating system of its next-generation firewalls, that could allow an unauthenticated, network-based attacker to bypass authentication. Tracked as CVE-2020-2021, it is rated critical severity with a CVSS 3.x base score of 10.0. The issue affects devices where SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked). U.S. Cyber Command also warned on Twitter that foreign APT groups will likely attempt to exploit Palo Alto firewalls that have not been patched against this vulnerability.
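The affected configuration is the instructive part: a SAML service provider that does not check the signing certificate against the identity provider it was configured to trust will accept any well-formed signature, including one produced by a key the attacker generated. The following is an added illustration, not PAN-OS code and not a reproduction of the actual flaw: a toy SAML-style verifier in both configurations, with textbook RSA over fixed Mersenne primes standing in for X.509 and XML-DSig, and all names, keys and the "response" structure constructed for the example.

```python
"""
Toy model of a SAML service provider checking a signed response, with and
without pinning the identity provider's signing certificate.

Constructed example. A "response" is a dict carrying the asserted subject,
the signer's public key (as a real SAML response embeds the signing cert in
<ds:KeyInfo>) and a signature over the subject. Textbook RSA with small
fixed Mersenne primes stands in for real certificates; do not reuse it.
"""
import hashlib


def rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes (constructed, toy sized)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)  # (public, private)


def _digest_int(message: str) -> int:
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big")


def sign(priv, message: str) -> int:
    n, d = priv
    return pow(_digest_int(message) % n, d, n)


def verify_sig(pub, message: str, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(message) % n


# Mersenne primes 2^61-1, 2^89-1, 2^107-1, 2^127-1 (all coprime with e=65537
# in p-1 and q-1, so the inverse exists). Hypothetical IdP and attacker keys.
IDP_PUB, IDP_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)
ATTACKER_PUB, ATTACKER_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)


def make_response(priv, pub, subject: str) -> dict:
    """Build a signed 'SAML response' that embeds the signer's own key."""
    return {"subject": subject, "key_info": pub, "signature": sign(priv, subject)}


def verify_unpinned(response: dict) -> bool:
    """'Validate Identity Provider Certificate' unchecked: the verifier trusts
    whatever key the message itself carries, so any self-signed response
    with an intact signature passes."""
    return verify_sig(response["key_info"], response["subject"], response["signature"])


def verify_pinned(response: dict, idp_pub) -> bool:
    """'Validate Identity Provider Certificate' checked: the signature must
    verify under the key of the configured IdP; the embedded key is ignored."""
    return verify_sig(idp_pub, response["subject"], response["signature"])


def demo() -> dict:
    """Legitimate response from the IdP vs. a forged one signed by the attacker."""
    legit = make_response(IDP_PRIV, IDP_PUB, "alice")
    forged = make_response(ATTACKER_PRIV, ATTACKER_PUB, "admin")
    return {
        "legit_unpinned": verify_unpinned(legit),        # True
        "legit_pinned": verify_pinned(legit, IDP_PUB),    # True
        "forged_unpinned": verify_unpinned(forged),      # True: the bypass
        "forged_pinned": verify_pinned(forged, IDP_PUB),  # False: forgery rejected
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} -> {'accepted' if ok else 'rejected'}")
```

The point of the two verifiers is that signature validity alone says nothing about who signed; only binding the verification key to the configured identity provider (or to a CA you trust to issue for it) turns a signature into an authentication decision. The equivalent of `verify_pinned` is what the PAN-OS option enables.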
Source: https://www.bleepingcomputer.com/news/security/palo-alto-networks-patches-critical-vulnerability-in-firewall-os/

