Vulnerability in Palo Alto Networks product allows interference with cyber incident investigations

A critical vulnerability has been identified in the Palo Alto Networks Cortex XSOAR cybersecurity platform.

Its exploitation allows a remote, unauthorized attacker to execute commands and automations in the Cortex XSOAR War Room and to perform other actions on the platform without needing to log in.

The issue (CVE-2021-3044) is an improper authorization vulnerability that “allows a remote, unauthorized attacker with network access to a Cortex XSOAR server to perform unauthorized actions through the REST API.” It received a CVSS score of 9.8 out of a maximum of 10.

Cortex XSOAR is a cybersecurity platform used for security operations automation, threat intelligence management, automated ransomware remediation, and cloud security orchestration. The platform also runs automated workflows and response scripts and enables real-time collaboration between teams. The War Room is a chronological journal of all actions, artefacts and collaboration related to the investigation of an incident.

Attackers with access to the War Room could potentially disrupt ongoing investigations into cybersecurity incidents, steal information about the victim’s cyber defence plans, and more.

The issue only affects Cortex XSOAR configurations with an active API key integration, specifically Cortex XSOAR 6.1.0 (builds later than 1016923 and earlier than 1271064) and Cortex XSOAR 6.2.0 (builds earlier than 1271065).

Users are strongly encouraged to upgrade to the latest version and to revoke all active Integration API keys; new API keys can be created once the upgrade is complete.
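For a defender with several XSOAR instances, the practical question is which ones sit inside the affected build ranges and still have an API key integration enabled. The following is an added example, not code from the article or from Palo Alto Networks: it encodes the version and build numbers quoted above (reading the 6.1.0 range in the vendor advisory's sense of builds later than 1016923 and earlier than 1271064) and runs them over a constructed, hypothetical inventory. Hostnames, build numbers and the `api_keys` flag in the sample data are assumptions for illustration.

```python
# Added example (not from the article or Palo Alto Networks): flag inventoried
# Cortex XSOAR instances whose version/build falls inside the ranges the
# CVE-2021-3044 advisory lists as affected. Version and build numbers come
# from the advisory; the inventory entries are constructed sample data.

# Affected ranges per version: (exclusive lower build bound or None, exclusive upper build bound).
AFFECTED_RANGES = {
    "6.1.0": (1016923, 1271064),  # builds later than 1016923 and earlier than 1271064
    "6.2.0": (None, 1271065),     # builds earlier than 1271065
}


def is_affected(version: str, build: int, api_key_integration_enabled: bool = True) -> bool:
    """Return True when an instance is inside an affected build range.

    The advisory scopes the issue to deployments with an active API key
    integration, so instances without one are reported as not affected.
    """
    if not api_key_integration_enabled:
        return False
    bounds = AFFECTED_RANGES.get(version)
    if bounds is None:
        return False  # version not named in the advisory
    lower, upper = bounds
    if lower is not None and build <= lower:
        return False
    return build < upper


def triage(inventory):
    """Return names of inventory entries that need the upgrade and key rotation."""
    return [
        item["name"]
        for item in inventory
        if is_affected(item["version"], item["build"], item["api_keys"])
    ]


# Constructed sample inventory (hypothetical hostnames, builds and settings).
SAMPLE_INVENTORY = [
    {"name": "xsoar-prod-01", "version": "6.1.0", "build": 1200000, "api_keys": True},
    {"name": "xsoar-prod-02", "version": "6.1.0", "build": 1271064, "api_keys": True},
    {"name": "xsoar-lab-01", "version": "6.2.0", "build": 1250000, "api_keys": True},
    {"name": "xsoar-lab-02", "version": "6.2.0", "build": 1250000, "api_keys": False},
    {"name": "xsoar-dev-01", "version": "6.0.2", "build": 1000000, "api_keys": True},
]

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: upgrade and revoke Integration API keys")
```

Both bounds are exclusive, matching the advisory's "later than" and "earlier than" wording, so a 6.1.0 instance at exactly build 1271064 is treated as fixed. Instances without an API key integration are skipped only because the advisory scopes the issue that way; they still warrant the upgrade as routine patching.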
