CVE-2021-3051
published 2021-09-08CVE-2021-3051: An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based…
PriorityP350high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
0.56%
42.5th percentile
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | cortex_xsoar | >= 5.5.0 < 1578677 | 1578677 |
| palo_alto_networks | cortex_xsoar | >= 6.0.2 < 1576452 | 1576452 |
| palo_alto_networks | cortex_xsoar | >= 6.1.0 < 1578663 | 1578663 |
| palo_alto_networks | cortex_xsoar | >= 6.2.0 < 1578666 | 1578666 |
| paloalto | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
Cortex XSOAR: Authentication Bypass in SAML Authentication
vendor_paloalto·2021-09-08·CVSS 8.1
CVE-2021-3051 [HIGH] CWE-347 Cortex XSOAR: Authentication Bypass in SAML Authentication
Cortex XSOAR: Authentication Bypass in SAML Authentication
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server.
Affected products: Cortex XSOAR
Solution: This issue is fixed in Cortex XSOAR 5.5.0 build 1578677, Cortex XSOAR 6.1.0 build 1578663, Cortex XSOAR 6.2.0 build 1578666, and all later Cortex XSOAR versions.
Workaround: To completely prevent this issue from being exploited before you can upgrade your Cortex XSOAR server, disable SAML authentication integration.
You can also restrict network access to the Cortex XSOAR server to a
GHSA
GHSA-4qfq-vjf3-59qg: An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-b
ghsa_unreviewed·2022-05-24
CVE-2021-3051 [HIGH] CWE-347 GHSA-4qfq-vjf3-59qg: An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-b
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-09-08
Published