Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls.

On June 29, PAN also patched a critical vulnerability (CVE-2020-2021) with a 10/10 CVSSv3 rating, allowing unauthenticated network-based attackers to bypass authentication on PAN-OS devices with SAML auth enabled and the ‘Validate Identity Provider Certificate’ option disabled.

The OS command injection vulnerability patched today and tracked as CVE-2020-2034 allows unauthenticated remote attackers to execute arbitrary OS commands with root privileges on unpatched devices.

The CVE-2020-2034 vulnerability has been rated as high severity with a CVSS 3.x base score of



Contributing correspondent Kai Kupferschmidt talks with host Sarah Crespi about the success of a fast-moving megatrial for coronavirus treatments. The United Kingdom’s Recovery (Randomized Evaluation of COVID-19 Therapy) trial has enrolled more than 12,000 hospitalized coronavirus patients since early March and has released important recommendations that were quickly taken up by doctors and scientists around the world. Kupferschmidt discusses why such a large study is necessary and why other large drug trials like the World Health Organization’s Solidarity trial are lagging behind.


Also this week, producer Meagan Cantwell talks with Saul Villeda