Researchers from Palo Alto Networks discovered and addressed a critical improper authorization vulnerability, tracked as CVE-2021-3044, that affects its Cortex XSOAR SOAR platform. The CVE-2021-3044 vulnerability received a CVSS score of 9.8.
A remote, unauthenticated attacker with network access to the Cortex XSOAR server could exploit the vulnerability to perform unauthorized actions through the REST API.
“An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.” reads the security advisory published by the security vendor. “This issue is not a remote code execution vulnerability. This issue enables an unauthorized attacker to perform actions on behalf of an active Cortex XSOAR integration, which includes running commands and automations in the Cortex XSOAR War Room.”
This vulnerability impacts:
Cortex XSOAR versions 5.5.0, 6.0.0, 6.0.1 and 6.0.2 are not impacted.
The security vendor also provides workarounds for this issue: it suggests revoking all active integration API keys to fully mitigate the impact of this issue, and restricting network access to the XSOAR server.
Palo Alto Networks is not aware of any attacks exploiting the CVE-2021-3044 vulnerability.
(SecurityAffairs – hacking, Palo Alto Networks)