Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access (June 2021)
A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in.
Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.
Cortex XSOAR is a cybersecurity defense platform used for a variety of purposes, including security operations automation, threat-intelligence management, automated ransomware remediation and cloud-security orchestration, according to Palo Alto's website.
If remote attackers can run commands and automations in the War Room, they can potentially subvert ongoing security investigations, steal information about a victim's cyber-defense action plans and more.
A mitigating factor, however, is that an adversary, as mentioned, would need access to the same network that Cortex XSOAR is attached to, which requires an earlier compromise or exploit.
Palo Alto said that it's not aware of any exploitation of the bug in the wild.
News URL
https://threatpost.com/critical-palo-alto-bug-remote-war-room/167169/