Does your enterprise rely on Palo Alto Networks’ products? This is information that you’ll want to know…
A newly discovered bug identified within Palo Alto Network’s Cortex XSOAR platform allows remote cyber attackers to execute commands and to engage in other fraudulent activities, all without actually logging in to the system.
Researchers discovered the bug, which is now known as CVE-2021-3044. It’s an improper-authorization vulnerability that permits a distanced, unauthenticated attacker with network permissions to access the Cortex XSOAR server. A nefarious person can then perform unauthorized actions via the REST API. On the CVSS vulnerability-severity scale, this issue ranks as a 9.8 out of 10.
Cortex XSOAR Bug: Security
Palo Alto Networks’ Cortex XSOAR operates as a cyber security defense platform. Capabilities include security operations automation, threat-intelligence management and cloud-security orchestration, among others. Automated workflows, response playbooks and real-time collaboration between teams are further features. Broadly speaking, the platform represents one of the company’s core security products. A critical vulnerability could have a devastating impact on clients and on client’s clients.
Since the platform enables attackers to execute commands and to manipulate the ‘War Room’, they can hypothetically subvert current security investigations, steal critical data concerning targets’ cyber-defense action plans and more.
Information provided by the affected organization states that real-time investigations do regularly occur through its ‘War Room’. If investigations are staunched, then attackers may have time to engage in a high-level of attack activity and/or damage.
Notably, a “mitigating factor” is that a cyber attacker would need access to the same network that the Cortex XSOAR connects to in order to inflict harm. This means that hackers would have needed to launch an earlier compromise or exploit. Advanced planning for such an attack would be necessary.
Affected versions and patches
As of the present writing, the issue appears only to impact the Cortex XSOAR configuration with active API key integrations in certain versions. Palo Alto Networks recommends that organizations update to the latest version.
For more on this story, visit Threatpost.