Refine your search
9 vulnerabilities found for Cortex XSOAR by Palo Alto Networks
CERTFR-2024-AVI-0859
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions antérieures à 6.12.0 (Build 1271551) | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0 antérieures à 11.0.6 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.9-x antérieures à 10.2.9-h11 | ||
| Palo Alto Networks | Expedition | Expedition versions antérieures à 1.2.96 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions antérieures à 6.2.5 sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.10-x antérieures à 10.2.10-h4 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions antérieures à 7.9.102-CE sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.4-x antérieures à 11.0.4-h5 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.4.x antérieures à 8.4.1 sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2 antérieures à 10.2.11 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1 antérieures à 11.1.3 | ||
| Palo Alto Networks | Prisma Access | Prisma Access Browser versions antérieures à 129.101.2913.3 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1 antérieures à 10.1.11 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 6.12.0 (Build 1271551)",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.9-x ant\u00e9rieures \u00e0 10.2.9-h11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Expedition versions ant\u00e9rieures \u00e0 1.2.96",
"product": {
"name": "Expedition",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.5 sur Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.10-x ant\u00e9rieures \u00e0 10.2.10-h4",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.4-x ant\u00e9rieures \u00e0 11.0.4-h5",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 129.101.2913.3",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9468"
},
{
"name": "CVE-2024-8909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
},
{
"name": "CVE-2024-9603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9603"
},
{
"name": "CVE-2024-8905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
},
{
"name": "CVE-2024-7025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7025"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-9123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9123"
},
{
"name": "CVE-2024-8907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
},
{
"name": "CVE-2024-9469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9469"
},
{
"name": "CVE-2024-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9471"
},
{
"name": "CVE-2024-9370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9370"
},
{
"name": "CVE-2024-9470",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9470"
},
{
"name": "CVE-2024-9463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"
},
{
"name": "CVE-2024-9602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9602"
},
{
"name": "CVE-2024-9467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9467"
},
{
"name": "CVE-2024-9122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9122"
},
{
"name": "CVE-2024-9464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9464"
},
{
"name": "CVE-2024-9121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9121"
},
{
"name": "CVE-2024-8904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
},
{
"name": "CVE-2024-9369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9369"
},
{
"name": "CVE-2024-9120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9120"
},
{
"name": "CVE-2024-9465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"
},
{
"name": "CVE-2024-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9466"
},
{
"name": "CVE-2024-9473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9473"
},
{
"name": "CVE-2024-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
}
],
"initial_release_date": "2024-10-10T00:00:00",
"last_revision_date": "2024-10-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0859",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0010",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0011",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0011"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-23347",
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks GPC-19493 et GPC-21211",
"url": "https://security.paloaltonetworks.com/CVE-2024-9473"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-244840",
"url": "https://security.paloaltonetworks.com/CVE-2024-9468"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-217511 et PAN-152631",
"url": "https://security.paloaltonetworks.com/CVE-2024-9471"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105114",
"url": "https://security.paloaltonetworks.com/CVE-2024-9470"
}
]
}
CERTFR-2023-AVI-0923
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Palo Alto Networks Cortex XSOAR. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Palo Alto Networks Cortex XSOAR versions 6.10.x antérieures à 6.10.0.250144 (sur Linux) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Palo Alto Networks Cortex XSOAR versions 6.10.x ant\u00e9rieures \u00e0 6.10.0.250144 (sur Linux)",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3282"
}
],
"initial_release_date": "2023-11-09T00:00:00",
"last_revision_date": "2023-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003ePalo Alto\nNetworks Cortex XSOAR\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation de privil\u00e8ges et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Palo Alto Networks Cortex XSOAR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2023-3282 du 08 novembre 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-3282"
}
]
}
CERTFR-2023-AVI-0835
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Palo Alto Networks Cortex XSOAR. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR Kafka Integration v3 versions antérieures à 2.0.16 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XSOAR Kafka Integration v3 versions ant\u00e9rieures \u00e0 2.0.16",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3281"
}
],
"initial_release_date": "2023-10-12T00:00:00",
"last_revision_date": "2023-10-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks\u00a0CVE-2023-3281 du 11 octobre 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-3281"
}
],
"reference": "CERTFR-2023-AVI-0835",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans\u003cspan class=\"textit\"\u003e Palo Alto\nNetworks Cortex XSOAR\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Palo Alto Networks Cortex XSOAR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2023-3281 du 11 octobre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0105
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans PaloAlto. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR agent versions 5.0.12.x antérieures à 5.0.12.22203 sur Windows | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.6 antérieures au build numéro B186115 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.8 antérieures au build numéro B185719 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.10 antérieures au build numéro 185964 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR agent versions 7.5.x-CE antérieures à 7.5.101-CE sur Windows | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.9 antérieures au build numéro B185415 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR agent versions 5.0.12.x ant\u00e9rieures \u00e0 5.0.12.22203 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.6 ant\u00e9rieures au build num\u00e9ro B186115",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.8 ant\u00e9rieures au build num\u00e9ro B185719",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.10 ant\u00e9rieures au build num\u00e9ro 185964",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR agent versions 7.5.x-CE ant\u00e9rieures \u00e0 7.5.101-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.9 ant\u00e9rieures au build num\u00e9ro B185415",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0003"
},
{
"name": "CVE-2023-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0001"
},
{
"name": "CVE-2023-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0002"
}
],
"initial_release_date": "2023-02-09T00:00:00",
"last_revision_date": "2023-02-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-0003"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
],
"reference": "CERTFR-2023-AVI-0105",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePaloAlto\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits PaloAlto",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0003 du 08 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0001 du 08 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0002 du 08 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2022-AVI-1023
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Palo Alto Networks Cortex XSOAR. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Palo Alto Networks Cortex XSOAR versions antérieures à 6.9.0.130766 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Palo Alto Networks Cortex XSOAR versions ant\u00e9rieures \u00e0 6.9.0.130766",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0031"
}
],
"initial_release_date": "2022-11-10T00:00:00",
"last_revision_date": "2022-11-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-10T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Palo Alto Networks Cortex XSOAR.\nElle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Palo Alto Networks Cortex XSOAR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks du 09 novembre 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0031"
}
]
}
CERTFR-2022-AVI-136
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.1.x antérieures à 5.1.10 sur Windows, MacOS et Linux | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.1.x antérieures à 9.1.12 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR 6.2.0 versions antérieures à 1958888 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.3.x antérieures à 5.3.2 sur Linux | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR 6.1.0 toutes versions | ||
| Palo Alto Networks | Prisma Access | Prisma Access 2.2 Preferred toutes versions | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 8.1.x antérieures à 8.1.21 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.2.x antérieures à 5.2.9 sur Windows et MacOS | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.0.x antérieures à 10.0.8 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x antérieures à 10.1.3 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.0.x toutes versions | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.2.x à 5.2.7 sur Linux | ||
| Palo Alto Networks | Prisma Access | Prisma Access 2.1 Preferred et Innovation toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.10 sur Windows, MacOS et Linux",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.12",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR 6.2.0 versions ant\u00e9rieures \u00e0 1958888",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.3.x ant\u00e9rieures \u00e0 5.3.2 sur Linux",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR 6.1.0 toutes versions",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access 2.2 Preferred toutes versions",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.9 sur Windows et MacOS",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.0.x toutes versions",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.2.x \u00e0 5.2.7 sur Linux",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access 2.1 Preferred et Innovation toutes versions",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0018"
},
{
"name": "CVE-2022-0019",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0019"
},
{
"name": "CVE-2022-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0021"
},
{
"name": "CVE-2022-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0011"
},
{
"name": "CVE-2022-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
},
{
"name": "CVE-2022-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0017"
},
{
"name": "CVE-2022-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0020"
}
],
"initial_release_date": "2022-02-10T00:00:00",
"last_revision_date": "2022-02-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-136",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0018 du 09 f\u00e9vrier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0018"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0017 du 09 f\u00e9vrier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0017"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0019 du 09 f\u00e9vrier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0020 du 09 f\u00e9vrier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0020"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0011 du 09 f\u00e9vrier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0011"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0016 du 09 f\u00e9vrier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0016"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0021 du 09 f\u00e9vrier 2022",
"url": "https://security.paloaltonetworks.com/CVE-2022-0021"
}
]
}
CERTFR-2021-AVI-692
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.x antérieures à 10.0.7 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 5.5.0 antérieures à 1578677 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.1.0 antérieures à 1578663 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.0.x antérieures à 9.0.14 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.0.2 antérieures à 1576452 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.1.x antérieures à 9.1.11 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.2.0 antérieures à 1578666 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 8.1.x antérieures à 8.1.20 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PAN-OS versions 10.x ant\u00e9rieures \u00e0 10.0.7",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 5.5.0 ant\u00e9rieures \u00e0 1578677",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.1.0 ant\u00e9rieures \u00e0 1578663",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.14",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.0.2 ant\u00e9rieures \u00e0 1576452",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.2.0 ant\u00e9rieures \u00e0 1578666",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.20",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3049",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3049"
},
{
"name": "CVE-2021-3054",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3054"
},
{
"name": "CVE-2020-10188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10188"
},
{
"name": "CVE-2021-3052",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3052"
},
{
"name": "CVE-2021-3053",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3053"
},
{
"name": "CVE-2021-3055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3055"
},
{
"name": "CVE-2021-3051",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3051"
}
],
"initial_release_date": "2021-09-09T00:00:00",
"last_revision_date": "2021-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-692",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2020-10188 du 08 septembre 2021",
"url": "https://security.paloaltonetworks.com/CVE-2020-10188"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3053 du 08 septembre 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3053"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3049 du 08 septembre 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3049"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3055 du 08 septembre 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3055"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3054 du 08 septembre 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3054"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3051 du 08 septembre 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3051"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3052 du 08 septembre 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3052"
}
]
}
CERTFR-2021-AVI-621
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR PowerShell Image versions 7.1.x antérieures à 7.1.3.20270 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x antérieures à 10.1.2 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.1.x antérieures à 9.1.11 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.0.x antérieures à 10.0.8 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 8.1.x antérieures à 8.1.19 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.0.x antérieures à 9.0.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XSOAR PowerShell Image versions 7.1.x ant\u00e9rieures \u00e0 7.1.3.20270",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.2",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.19",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.15",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3045",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3045"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-3050",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3050"
},
{
"name": "CVE-2021-26701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26701"
},
{
"name": "CVE-2021-3048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3048"
},
{
"name": "CVE-2021-3046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3046"
},
{
"name": "CVE-2021-3047",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3047"
}
],
"initial_release_date": "2021-08-12T00:00:00",
"last_revision_date": "2021-08-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-621",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3045 du 11 ao\u00fbt 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3045"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3048 du 11 ao\u00fbt 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3048"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3047 du 11 ao\u00fbt 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3047"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2021-0005 du 11 ao\u00fbt 2021",
"url": "https://security.paloaltonetworks.com/PAN-SA-2021-0005"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3046 du 11 ao\u00fbt 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3046"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-26701 du 11 ao\u00fbt 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-26701"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3050 du 11 ao\u00fbt 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3050"
}
]
}
CERTFR-2021-AVI-481
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Palo Alto Networks Cortex XSOAR. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.2.0 antérieures au build numéro 1271065 | ||
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions 6.1.0 antérieures au build numéro 1271064 et postérieures au build numéro 1016923 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XSOAR versions 6.2.0 ant\u00e9rieures au build num\u00e9ro 1271065",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XSOAR versions 6.1.0 ant\u00e9rieures au build num\u00e9ro 1271064 et post\u00e9rieures au build num\u00e9ro 1016923",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3044",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3044"
}
],
"initial_release_date": "2021-06-23T00:00:00",
"last_revision_date": "2021-06-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-481",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Palo Alto Networks Cortex XSOAR.\nElle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Palo Alto Networks Cortex XSOAR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3044 du 22 juin 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3044"
}
]
}