Security News > 2021 > June > Palo Alto Networks Patches Critical Vulnerability in Cortex XSOAR
A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company's Cortex XSOAR product.
During an internal security review, Palo Alto Networks discovered that its Cortex XSOAR security orchestration, automation and response platform is affected by an improper authorization issue.
The flaw, tracked as CVE-2021-3044 and rated critical severity with a CVSS score of 9.8, can be exploited by a remote, unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. "This issue is not a remote code execution vulnerability. This issue enables an unauthorized attacker to perform actions on behalf of an active Cortex XSOAR integration, which includes running commands and automations in the Cortex XSOAR War Room," Palo Alto Networks explained in its advisory.
The security hole affects XSOAR versions 6.1.0 and 6.2.0 on configurations with active API key integrations.
As for mitigations, the vendor recommends revoking all active integration API keys and restricting network access to the XSOAR server.
He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia's security news reporter.
News URL
Related news
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-22 | CVE-2021-3044 | Unspecified vulnerability in Paloaltonetworks Cortex Xsoar 6.1.0/6.2.0 An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. | 9.8 |