
Rewterz Threat Advisory – Multiple Palo Alto Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-3051

Palo Alto Networks Cortex XSOAR could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic signatures in its SAML authentication implementation. By sending a specially crafted request, an attacker could exploit this vulnerability to access protected resources and perform unauthorized actions.

CVE-2021-3049

Palo Alto Networks Cortex XSOAR could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to download files from the incident investigation.

CVE-2021-3052

Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the management web interface. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2021-3053

Palo Alto PAN-OS is vulnerable to a denial of service, caused by improper handling of exceptional conditions. By sending specially crafted traffic through the firewall, a remote attacker could exploit this vulnerability to cause the service to crash.

CVE-2021-3054

Palo Alto PAN-OS could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a time-of-check to time-of-use (TOCTOU) race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

CVE-2021-3055

Palo Alto PAN-OS is vulnerable to a denial of service, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using specially crafted XML content, a remote attacker could exploit this vulnerability to read any arbitrary file from the file system and send a specially crafted request to the firewall that causes the service to crash.

Impact

  • Bypass Security
  • Cross-site Scripting
  • Code Execution
  • Denial of Service
  • Credential Theft
  • Unauthorized Access

Affected Vendors

Palo Alto

Affected Products

  • Palo Alto Networks Cortex XSOAR 6.1.0
  • Palo Alto Networks Cortex XSOAR 6.2.0
  • Palo Alto Networks PAN-OS 9.0.8
  • Palo Alto Networks PAN-OS 8.1.15
  • Palo Alto Networks PAN-OS 9.0.2 h4

Remediation

Refer to Palo Alto Networks Security Advisories for the patch, upgrade, or suggested workaround information.

For CVE-2021-3051

https://security.paloaltonetworks.com/CVE-2021-3051

For CVE-2021-3049

https://security.paloaltonetworks.com/CVE-2021-3049

For CVE-2021-3052

https://security.paloaltonetworks.com/CVE-2021-3052

For CVE-2021-3053

https://security.paloaltonetworks.com/CVE-2021-3053

For CVE-2021-3054

https://security.paloaltonetworks.com/CVE-2021-3054

For CVE-2021-3055

https://security.paloaltonetworks.com/CVE-2021-3055