cve-2021-3044
Vulnerability from cvelistv5
Published: 2021-06-22 17:15
Modified: 2024-09-16 17:23
Summary
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XSOAR",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.5.0 all"
            },
            {
              "status": "unaffected",
              "version": "6.0.0 all"
            },
            {
              "status": "unaffected",
              "version": "6.0.1 all"
            },
            {
              "status": "unaffected",
              "version": "6.0.2 all"
            },
            {
              "changes": [
                {
                  "at": "1271064",
                  "status": "unaffected"
                },
                {
                  "at": "1016923",
                  "status": "affected"
                }
              ],
              "lessThan": "6.1.0*",
              "status": "affected",
              "version": "1016923",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "1271065",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1271065",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings \u003e Integration \u003e API Keys\u2019 from the Cortex XSOAR web client."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found during internal security review."
        }
      ],
      "datePublic": "2021-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-22T17:15:11",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-06-22T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XSOAR: Unauthorized Usage of the REST API",
      "workarounds": [
        {
          "lang": "en",
          "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings \u003e Integration \u003e API Keys  and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."
        },
        {
          "lang": "en",
          "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-06-22T16:00:00.000Z",
          "ID": "CVE-2021-3044",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XSOAR: Unauthorized Usage of the REST API"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XSOAR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "5.5.0",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.0.0",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "6.1.0",
                            "version_value": "1016923"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1.0",
                            "version_value": "1271064"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "6.1.0",
                            "version_value": "1016923"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1.0",
                            "version_value": "1271064"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.2.0",
                            "version_value": "1271065"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.2.0",
                            "version_value": "1271065"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.0.1",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.0.2",
                            "version_value": "all"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings \u003e Integration \u003e API Keys\u2019 from the Cortex XSOAR web client."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found during internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3044",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-06-22T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings \u003e Integration \u003e API Keys  and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."
          },
          {
            "lang": "en",
            "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3044",
    "datePublished": "2021-06-22T17:15:11.305119Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-16T17:23:37.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3462449-36BD-4FB6-BB40-B06F0EDE570A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de autorizaci\\u00f3n inapropiada en Palo Alto Networks Cortex XSOAR permite a un atacante remoto no autenticado con acceso a la red del servidor Cortex XSOAR llevar a cabo acciones no autorizadas mediante la API REST. Este problema afecta: Cortex XSOAR  versiones 6.1.0 builds posteriores a 1016923 y anteriores a 1271064; Cortex XSOAR versiones 6.2.0 builds anteriores a 1271065. Este problema no afecta a Cortex XSOAR versi\\u00f3n 5.5.0, Cortex XSOAR versi\\u00f3n 6.0.0, Cortex XSOAR versi\\u00f3n 6.0.1 o Cortex XSOAR versi\\u00f3n 6.0.2. Todas las instancias de Cortex XSOAR alojadas en Palo Alto Networks est\\u00e1n actualizadas para resolver esta vulnerabilidad. No es requerido ninguna acci\\u00f3n adicional para estas instancias\"}]",
      "id": "CVE-2021-3044",
      "lastModified": "2024-11-21T06:20:49.983",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-06-22T18:15:08.230",
      "references": "[{\"url\": \"https://security.paloaltonetworks.com/CVE-2021-3044\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2021-3044\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@paloaltonetworks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-285\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    }
  }
}

