CVE-2021-3051: Cortex XSOAR: Authentication Bypass in SAML Authentication
First published: Wed Sep 08 2021(Updated: )
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paloaltonetworks Cortex Xsoar | =5.5.0 | |
| Paloaltonetworks Cortex Xsoar | =5.5.0-70066 | |
| Paloaltonetworks Cortex Xsoar | =5.5.0-73387 | |
| Paloaltonetworks Cortex Xsoar | =5.5.0-75211 | |
| Paloaltonetworks Cortex Xsoar | =5.5.0-78518 | |
| Paloaltonetworks Cortex Xsoar | =5.5.0-94592 | |
| Paloaltonetworks Cortex Xsoar | =6.0.2 | |
| Paloaltonetworks Cortex Xsoar | =6.0.2-90947 | |
| Paloaltonetworks Cortex Xsoar | =6.0.2-93351 | |
| Paloaltonetworks Cortex Xsoar | =6.0.2-94597 | |
| Paloaltonetworks Cortex Xsoar | =6.0.2-97682 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1016923 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1031903 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1077664 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1209934 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1271079 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-848144 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1271082 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1321594 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1473927 |
Remedy
This issue is fixed in Cortex XSOAR 5.5.0 build 1578677, Cortex XSOAR 6.0.2 build 1576452, Cortex XSOAR 6.1.0 build 1578663, Cortex XSOAR 6.2.0 build 1578666, and all later Cortex XSOAR versions.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3051?
CVE-2021-3051 is an improper verification of cryptographic signature vulnerability in Cortex XSOAR SAML authentication.
What is the severity of CVE-2021-3051?
The severity of CVE-2021-3051 is high, with a CVSS score of 8.1.
Which version of Cortex XSOAR is affected by CVE-2021-3051?
Cortex XSOAR versions 5.5.0 to 6.2.0 are affected by CVE-2021-3051.
How does CVE-2021-3051 impact the system?
CVE-2021-3051 allows an unauthenticated attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions.
Is there a fix available for CVE-2021-3051?
Yes, Palo Alto Networks has released a security advisory with mitigation steps for CVE-2021-3051.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/paloaltonetworks
- canonical/paloaltonetworks cortex xsoar
- version/paloaltonetworks cortex xsoar/5.5.0
- version/paloaltonetworks cortex xsoar/5.5.0-70066
- version/paloaltonetworks cortex xsoar/5.5.0-73387
- version/paloaltonetworks cortex xsoar/5.5.0-75211
- version/paloaltonetworks cortex xsoar/5.5.0-78518
- version/paloaltonetworks cortex xsoar/5.5.0-94592
- version/paloaltonetworks cortex xsoar/6.0.2
- version/paloaltonetworks cortex xsoar/6.0.2-90947
- version/paloaltonetworks cortex xsoar/6.0.2-93351
- version/paloaltonetworks cortex xsoar/6.0.2-94597
- version/paloaltonetworks cortex xsoar/6.0.2-97682
- version/paloaltonetworks cortex xsoar/6.1.0
- version/paloaltonetworks cortex xsoar/6.1.0-1016923
- version/paloaltonetworks cortex xsoar/6.1.0-1031903
- version/paloaltonetworks cortex xsoar/6.1.0-1077664
- version/paloaltonetworks cortex xsoar/6.1.0-1209934
- version/paloaltonetworks cortex xsoar/6.1.0-1271079
- version/paloaltonetworks cortex xsoar/6.1.0-848144
- version/paloaltonetworks cortex xsoar/6.2.0
- version/paloaltonetworks cortex xsoar/6.2.0-1271082
- version/paloaltonetworks cortex xsoar/6.2.0-1321594
- version/paloaltonetworks cortex xsoar/6.2.0-1473927