Palo Alto Networks Security Advisories / CVE-2021-3049

CVE-2021-3049 Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability

Severity 2.6 · LOW
Attack Vector NETWORK
Attack Complexity HIGH
Privileges Required LOW
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact LOW
Integrity Impact NONE
Availability Impact NONE

Description

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part.

This issue impacts:

All Cortex XSOAR 5.5.0 builds;

Cortex XSOAR 6.1.0 builds earlier than 12099345.

This issue does not impact Cortex XSOAR 6.2.0 versions.

Product Status

Versions             Affected      Unaffected
Cortex XSOAR 6.2.0   None          all
Cortex XSOAR 6.1.0   < 12099345    >= 12099345
Cortex XSOAR 5.5.0   all

Severity: LOW

CVSSv3.1 Base Score: 2.6 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-285 Improper Authorization
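The following is an added illustration of the weakness class, not Cortex XSOAR code: a file download that checks only the coarse "investigation read" permission, beside one that also requires membership in the specific investigation. The investigation store, role name, user names and file contents are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class User:
    name: str
    roles: frozenset  # coarse role grants, e.g. "investigation.read" (constructed name)


@dataclass
class Investigation:
    inv_id: str
    participants: frozenset  # users who are actually part of this investigation
    files: dict  # filename -> file contents


class NotAuthorized(Exception):
    pass


def download_role_only(user, store, inv_id, filename):
    """Weak pattern (CWE-285): only the coarse permission is checked.
    Any reader who knows an investigation ID can fetch its files."""
    if "investigation.read" not in user.roles:
        raise NotAuthorized("missing investigation read permission")
    return store[inv_id].files[filename]


def download_checked(user, store, inv_id, filename):
    """Hardened pattern: the coarse permission AND object-level membership
    in the specific investigation are both required."""
    if "investigation.read" not in user.roles:
        raise NotAuthorized("missing investigation read permission")
    inv = store.get(inv_id)
    # One indistinguishable denial for "no such investigation" and
    # "not a participant", so the response does not confirm which IDs exist.
    if inv is None or user.name not in inv.participants:
        raise NotAuthorized(f"{user.name} may not access {inv_id}")
    return inv.files[filename]


def build_sample():
    """Constructed sample data: one investigation, one participant, one outsider."""
    store = {
        "INC-1001": Investigation(
            "INC-1001", frozenset({"alice"}), {"evidence.txt": b"constructed evidence"}
        )
    }
    participant = User("alice", frozenset({"investigation.read"}))
    outsider = User("bob", frozenset({"investigation.read"}))  # has read role, not a participant
    return store, participant, outsider
```

Logging each denial from the hardened check (user, investigation ID, filename) also gives a detection signal for a reader probing investigations they do not belong to.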

Solution

This issue is fixed in Cortex XSOAR 6.1.0 build 12099345 and all later Cortex XSOAR versions.

There are currently no Cortex XSOAR 5.5.0 updates available for this issue.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks would like to thank CAGIP for discovering and reporting this issue.

Timeline

Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.