// For flags

CVE-2021-3044

Cortex XSOAR: Unauthorized Usage of the REST API

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

Una vulnerabilidad de autorización inapropiada en Palo Alto Networks Cortex XSOAR permite a un atacante remoto no autenticado con acceso a la red del servidor Cortex XSOAR llevar a cabo acciones no autorizadas mediante la API REST. Este problema afecta: Cortex XSOAR versiones 6.1.0 builds posteriores a 1016923 y anteriores a 1271064; Cortex XSOAR versiones 6.2.0 builds anteriores a 1271065. Este problema no afecta a Cortex XSOAR versión 5.5.0, Cortex XSOAR versión 6.0.0, Cortex XSOAR versión 6.0.1 o Cortex XSOAR versión 6.0.2. Todas las instancias de Cortex XSOAR alojadas en Palo Alto Networks están actualizadas para resolver esta vulnerabilidad. No es requerido ninguna acción adicional para estas instancias

*Credits: This issue was found during internal security review.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-06 CVE Reserved
  • 2021-06-22 CVE Published
  • 2024-03-07 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-285: Improper Authorization
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://security.paloaltonetworks.com/CVE-2021-3044 2022-07-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Paloaltonetworks
Search vendor "Paloaltonetworks"
 Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
 6.1.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.1.0"
1016923
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
 Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
 6.2.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.2.0"
-
Affected