CVE-2021-3044

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2021-3044	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-::::::

History

14 Jul 2022, 15:58

Type	Values Removed	Values Added
CWE	~~CWE-863~~	NVD-CWE-Other

29 Jun 2021, 16:45

Type	Values Removed	Values Added
References	~~(MISC) https://security.paloaltonetworks.com/CVE-2021-3044 -~~	(MISC) https://security.paloaltonetworks.com/CVE-2021-3044 - Vendor Advisory
CPE		cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:::::: cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-::::::
CWE		CWE-863
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8

22 Jun 2021, 19:08

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-06-22 18:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-3044

Mitre link : CVE-2021-3044

CVE.ORG link : CVE-2021-3044

JSON object : View

Products Affected

paloaltonetworks

cortex_xsoar

CWE

NVD-CWE-Other CWE-285

Improper Authorization

{"id": "CVE-2021-3044", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-06-22T18:15:08.230", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2021-3044", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."}, {"lang": "es", "value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en Palo Alto Networks Cortex XSOAR permite a un atacante remoto no autenticado con acceso a la red del servidor Cortex XSOAR llevar a cabo acciones no autorizadas mediante la API REST. Este problema afecta: Cortex XSOAR versiones 6.1.0 builds posteriores a 1016923 y anteriores a 1271064; Cortex XSOAR versiones 6.2.0 builds anteriores a 1271065. Este problema no afecta a Cortex XSOAR versi\u00f3n 5.5.0, Cortex XSOAR versi\u00f3n 6.0.0, Cortex XSOAR versi\u00f3n 6.0.1 o Cortex XSOAR versi\u00f3n 6.0.2. Todas las instancias de Cortex XSOAR alojadas en Palo Alto Networks est\u00e1n actualizadas para resolver esta vulnerabilidad. No es requerido ninguna acci\u00f3n adicional para estas instancias"}], "lastModified": "2022-07-14T15:58:57.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3462449-36BD-4FB6-BB40-B06F0EDE570A"}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}