Today PaloAlto Networks released a security advisory 8.2 score that is affecting GlobalProtect SSL VPN gateways that rely entirely on certificate-based authentication. This allows an attacker to bypass all client certificate checks with an invalid certificate and gaining access to restricted VPN network resources.

The good news is this can be mitigated by configuring GlobalProtect SSL VPN to require gateway and portal users to authenticate with their credentials. As usual, it is recommended to have two-factor authentication as an extra layer of security and make it harder for an attacker to access your data. This drastically reduces the chances of fraud, data loss, or identity theft

More information can be found directly on the security advisory from PaloAlto Networks. CVE-2020-2050