Researchers from Palo Alto Networks discovered and addressed a critical improper authorization vulnerability, tracked as CVE-2021-3044, that affects the company's Cortex XSOAR SOAR platform. The CVE-2021-3044 vulnerability received a CVSS score of 9.8.
A remote, unauthenticated attacker with network access to the Cortex XSOAR server could exploit the vulnerability to perform unauthorized actions through the REST API.
“An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.” reads the security advisory published by the security vendor. “This issue is not a remote code execution vulnerability. This issue enables an unauthorized attacker to perform actions on behalf of an active Cortex XSOAR integration, which includes running commands and automations in the Cortex XSOAR War Room.”
This vulnerability impacts:
Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions are not impacted.
The security vendor also provides workarounds for this issue: it suggests revoking all active integration API keys to fully mitigate the impact of this issue and restricting network access to the XSOAR server.
Palo Alto Networks is not aware of any attacks exploiting the CVE-2021-3044 vulnerability.
(SecurityAffairs – hacking, Palo Alto Networks)