Security News > 2021 > June > Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in.

Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "Enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.

Cortex XSOAR is a cybersecurity defense platform used in a variety of use cases, including security operations automation, threat-intelligence management, automated ransomware remediation and cloud-security orchestration, according to Palo Alto's website.

If remote attackers can run commands and automations in the War Room, they can potentially subvert ongoing security investigations, steal information about a victim's cyber-defense action plans and more.

A mitigating factor however is the fact that an adversary, as mentioned, would need to have access to the same network that the Cortex XSOAR is attached to, requiring an earlier compromise or exploit.

Palo Alto said that it's not aware of any exploitation of the bug in the wild.

News URL

https://threatpost.com/critical-palo-alto-bug-remote-war-room/167169/