CVE-2021-3044

Summary

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSOAR5.5.0 allunaffected
Palo Alto NetworksCortex XSOAR6.0.0 allunaffected
Palo Alto NetworksCortex XSOAR6.0.1 allunaffected
Palo Alto NetworksCortex XSOAR6.0.2 allunaffected
Palo Alto NetworksCortex XSOAR1016923 < 6.1.0*affected
Palo Alto NetworksCortex XSOAR6.2.0 < 1271065affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

Workarounds

You must revoke all active integration API keys to fully mitigate the impact of this issue.

To revoke integration API keys from the Cortex XSOAR web client: Settings > Integration > API Keys and then Revoke each API key.

You can create new API keys after you upgrade Cortex XSOAR to a fixed version. Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue.

ADP Enrichment

CVE Program Container

Additional References

References