Security News > 2021 > July > Palo Alto Networks Patches Flaws in Prisma Cloud Compute, Cortex XDR Agent
Palo Alto Networks this week announced the availability of patches for security flaws in the Prisma Cloud Compute cloud workload protection solution and Windows agent for the Cortex XDR detection and response platform.
The most serious of the bugs - CVE-2021-3042 - is a local privilege escalation issue in the Palo Alto Networks Cortex XDR agent on Windows platforms.
The second vulnerability - CVE-2021-3043 - is a reflected cross-site scripting vulnerability that affects the Prisma Cloud Compute web console.
The security flaw impacts Prisma Cloud Compute 20.12 and 21.04 versions prior to releases 20.12.552 and 21.04.439, respectively.
The fixes were automatically applied to Prisma Cloud Compute SaaS installations.
Palo Alto Networks said it was not aware of either these security issues being maliciously exploited.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-15 | CVE-2021-3043 | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12 A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. | 3.5 |
| 2021-07-15 | CVE-2021-3042 | Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 6.1/7.2/7.3 A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. | 7.2 |