OpenCVE

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Cortex Xsoar

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-::::::

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2021-3044

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2021-06-22T17:15:11.305119Z

Updated: 2024-09-16T17:23:37.359Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-3044

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-22T18:15:08.230

Modified: 2022-07-14T15:58:57.240

Link: CVE-2021-3044

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "5.5.0 all"}, {"status": "unaffected", "version": "6.0.0 all"}, {"status": "unaffected", "version": "6.0.1 all"}, {"status": "unaffected", "version": "6.0.2 all"}, {"changes": [{"at": "1271064", "status": "unaffected"}, {"at": "1016923", "status": "affected"}], "lessThan": "6.1.0*", "status": "affected", "version": "1016923", "versionType": "custom"}, {"changes": [{"at": "1271065", "status": "unaffected"}], "lessThan": "1271065", "status": "affected", "version": "6.2.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings > Integration > API Keys\u2019 from the Cortex XSOAR web client."}], "credits": [{"lang": "en", "value": "This issue was found during internal security review."}], "datePublic": "2021-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-22T17:15:11", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3044"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."}], "source": {"discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-22T00:00:00", "value": "Initial publication"}], "title": "Cortex XSOAR: Unauthorized Usage of the REST API", "workarounds": [{"lang": "en", "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings > Integration > API Keys and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."}, {"lang": "en", "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-06-22T16:00:00.000Z", "ID": "CVE-2021-3044", "STATE": "PUBLIC", "TITLE": "Cortex XSOAR: Unauthorized Usage of the REST API"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XSOAR", "version": {"version_data": [{"version_affected": "!", "version_name": "5.5.0", "version_value": "all"}, {"version_affected": "!", "version_name": "6.0.0", "version_value": "all"}, {"version_affected": ">=", "version_name": "6.1.0", "version_value": "1016923"}, {"version_affected": "<", "version_name": "6.1.0", "version_value": "1271064"}, {"version_affected": "!<", "version_name": "6.1.0", "version_value": "1016923"}, {"version_affected": "!>=", "version_name": "6.1.0", "version_value": "1271064"}, {"version_affected": "<", "version_name": "6.2.0", "version_value": "1271065"}, {"version_affected": "!>=", "version_name": "6.2.0", "version_value": "1271065"}, {"version_affected": "!", "version_name": "6.0.1", "version_value": "all"}, {"version_affected": "!", "version_name": "6.0.2", "version_value": "all"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings > Integration > API Keys\u2019 from the Cortex XSOAR web client."}], "credit": [{"lang": "eng", "value": "This issue was found during internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3044", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3044"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."}], "source": {"discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-22T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings > Integration > API Keys and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."}, {"lang": "en", "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:50.915Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2021-3044"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3044", "datePublished": "2021-06-22T17:15:11.305119Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-16T17:23:37.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*", "matchCriteriaId": "F3462449-36BD-4FB6-BB40-B06F0EDE570A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."}, {"lang": "es", "value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en Palo Alto Networks Cortex XSOAR permite a un atacante remoto no autenticado con acceso a la red del servidor Cortex XSOAR llevar a cabo acciones no autorizadas mediante la API REST. Este problema afecta: Cortex XSOAR versiones 6.1.0 builds posteriores a 1016923 y anteriores a 1271064; Cortex XSOAR versiones 6.2.0 builds anteriores a 1271065. Este problema no afecta a Cortex XSOAR versi\u00f3n 5.5.0, Cortex XSOAR versi\u00f3n 6.0.0, Cortex XSOAR versi\u00f3n 6.0.1 o Cortex XSOAR versi\u00f3n 6.0.2. Todas las instancias de Cortex XSOAR alojadas en Palo Alto Networks est\u00e1n actualizadas para resolver esta vulnerabilidad. No es requerido ninguna acci\u00f3n adicional para estas instancias"}], "id": "CVE-2021-3044", "lastModified": "2022-07-14T15:58:57.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Primary"}]}, "published": "2021-06-22T18:15:08.230", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3044"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}