fkie_cve-2021-3044
Vulnerability from fkie_nvd
Published
2021-06-22 18:15
Modified
2024-11-21 06:20
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.
References
psirt@paloaltonetworks.comhttps://security.paloaltonetworks.com/CVE-2021-3044Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.paloaltonetworks.com/CVE-2021-3044Vendor Advisory
Impacted products
Vendor Product Version
paloaltonetworks cortex_xsoar 6.1.0
paloaltonetworks cortex_xsoar 6.2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*",
              "matchCriteriaId": "F3462449-36BD-4FB6-BB40-B06F0EDE570A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en Palo Alto Networks Cortex XSOAR permite a un atacante remoto no autenticado con acceso a la red del servidor Cortex XSOAR llevar a cabo acciones no autorizadas mediante la API REST. Este problema afecta: Cortex XSOAR  versiones 6.1.0 builds posteriores a 1016923 y anteriores a 1271064; Cortex XSOAR versiones 6.2.0 builds anteriores a 1271065. Este problema no afecta a Cortex XSOAR versi\u00f3n 5.5.0, Cortex XSOAR versi\u00f3n 6.0.0, Cortex XSOAR versi\u00f3n 6.0.1 o Cortex XSOAR versi\u00f3n 6.0.2. Todas las instancias de Cortex XSOAR alojadas en Palo Alto Networks est\u00e1n actualizadas para resolver esta vulnerabilidad. No es requerido ninguna acci\u00f3n adicional para estas instancias"
    }
  ],
  "id": "CVE-2021-3044",
  "lastModified": "2024-11-21T06:20:49.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-06-22T18:15:08.230",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2021-3044"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.