github - ghsa-266x-3x8x-xj7x

ghsa-266x-3x8x-xj7x

Vulnerability from github

Published

2022-05-24 19:05

Modified

2022-07-15 00:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-22T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.",
  "id": "GHSA-266x-3x8x-xj7x",
  "modified": "2022-07-15T00:00:18Z",
  "published": "2022-05-24T19:05:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3044"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2021-3044

Vulnerability from cvelistv5

Published

2021-06-22 17:15

Modified

2024-09-16 17:23

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://security.paloaltonetworks.com/CVE-2021-3044	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Palo Alto Networks

Cortex XSOAR

Version: 1016923 < 6.1.0*
Version: 6.2.0 < 1271065

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XSOAR",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.5.0 all"
            },
            {
              "status": "unaffected",
              "version": "6.0.0 all"
            },
            {
              "status": "unaffected",
              "version": "6.0.1 all"
            },
            {
              "status": "unaffected",
              "version": "6.0.2 all"
            },
            {
              "changes": [
                {
                  "at": "1271064",
                  "status": "unaffected"
                },
                {
                  "at": "1016923",
                  "status": "affected"
                }
              ],
              "lessThan": "6.1.0*",
              "status": "affected",
              "version": "1016923",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "1271065",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1271065",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings \u003e Integration \u003e API Keys\u2019 from the Cortex XSOAR web client."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found during internal security review."
        }
      ],
      "datePublic": "2021-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-22T17:15:11",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-06-22T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XSOAR: Unauthorized Usage of the REST API",
      "workarounds": [
        {
          "lang": "en",
          "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings \u003e Integration \u003e API Keys  and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."
        },
        {
          "lang": "en",
          "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-06-22T16:00:00.000Z",
          "ID": "CVE-2021-3044",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XSOAR: Unauthorized Usage of the REST API"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XSOAR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "5.5.0",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.0.0",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "6.1.0",
                            "version_value": "1016923"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1.0",
                            "version_value": "1271064"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "6.1.0",
                            "version_value": "1016923"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1.0",
                            "version_value": "1271064"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.2.0",
                            "version_value": "1271065"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.2.0",
                            "version_value": "1271065"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.0.1",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.0.2",
                            "version_value": "all"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings \u003e Integration \u003e API Keys\u2019 from the Cortex XSOAR web client."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found during internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3044",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-06-22T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings \u003e Integration \u003e API Keys  and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."
          },
          {
            "lang": "en",
            "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3044",
    "datePublished": "2021-06-22T17:15:11.305119Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-16T17:23:37.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted