Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-3051
PUBLISHED
More InfoOfficial Page
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
View Known Exploited Vulnerability (KEV) details
Published At-08 Sep, 2021 | 17:10
Updated At-17 Sep, 2024 | 01:10
Rejected At-
▼CVE Numbering Authority (CNA)
Cortex XSOAR: Authentication Bypass in SAML Authentication

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Cortex XSOAR
Versions
Affected
  • From 5.5.0 before 1578677 (custom)
    • -> unaffectedfrom1578677
  • From 6.0.2 before 1576452 (custom)
    • -> unaffectedfrom1576452
  • From 6.1.0 before 1578663 (custom)
    • -> unaffectedfrom1578663
  • From 6.2.0 before 1578666 (custom)
    • -> unaffectedfrom1578666
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347 Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

This issue is fixed in Cortex XSOAR 5.5.0 build 1578677, Cortex XSOAR 6.0.2 build 1576452, Cortex XSOAR 6.1.0 build 1578663, Cortex XSOAR 6.2.0 build 1578666, and all later Cortex XSOAR versions.

Configurations

This issue is applicable only to Cortex XSOAR configurations with SAML authentication integration enabled. You can determine if your configuration has SAML authentication integration enabled by selecting 'Settings > Servers & Services' and searching for 'SAML'.

Workarounds

To completely prevent this issue from being exploited before you can upgrade your Cortex XSOAR server, disable SAML authentication integration. You can also restrict network access to the Cortex XSOAR server to allow only trusted users to further reduce the impact of this issue.

Exploits

Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.

Credits
This issue was found by a customer of Palo Alto Networks during a security review.
Timeline
EventDate
Initial publication2021-09-08 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2021-3051
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2021-3051
x_refsource_MISC
x_transferred
Details not found