CVE-2021-3044
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | 5.5.0 all | unaffected |
| Palo Alto Networks | Cortex XSOAR | 6.0.0 all | unaffected |
| Palo Alto Networks | Cortex XSOAR | 6.0.1 all | unaffected |
| Palo Alto Networks | Cortex XSOAR | 6.0.2 all | unaffected |
| Palo Alto Networks | Cortex XSOAR | 1016923 < 6.1.0* | affected |
| Palo Alto Networks | Cortex XSOAR | 6.2.0 < 1271065 | affected |
Weaknesses
- CWE-285: CWE-285 Improper Authorization
Workarounds
You must revoke all active integration API keys to fully mitigate the impact of this issue.
To revoke integration API keys from the Cortex XSOAR web client: Settings > Integration > API Keys and then Revoke each API key.
You can create new API keys after you upgrade Cortex XSOAR to a fixed version. Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.