CVE-2021-3051

moderate-risk
Published 2021-09-08

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.

Do I need to act?

-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (20)

Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar
Cortex Xsoar

Affected Vendors

Paloaltonetworks

References (2)

Vendor Advisory https://security.paloaltonetworks.com/CVE-2021-3051
Vendor Advisory https://security.paloaltonetworks.com/CVE-2021-3051
45
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate