

Severity
High
Analysis Summary
CVE-2021-3051
Palo Alto Networks Cortex XSOAR could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic signatures in the SAML authentication implementation. By sending a specially crafted request, an attacker could exploit this vulnerability to access protected resources and perform unauthorized actions.
CVE-2021-3049
Palo Alto Networks Cortex XSOAR could allow a remote authenticated attacker to bypass security restrictions, caused by an improper authorization vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to download files from the incident investigation.
CVE-2021-3052
Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the management web interface. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s web browser within the security context of the hosting website, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-3053
Palo Alto PAN-OS is vulnerable to a denial of service, caused by improper handling of exceptional conditions. By sending specifically crafted traffic through the firewall, a remote attacker could exploit this vulnerability to cause the service to crash.
CVE-2021-3054
Palo Alto PAN-OS could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a time-of-check to time-of-use (TOCTOU) race condition vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVE-2021-3055
Palo Alto PAN-OS is vulnerable to a denial of service, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using specially crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files from the file system and send a specifically crafted request to the firewall that causes the service to crash.
Impact
- Bypass Security
- Cross-site Scripting
- Code Execution
- Denial of Service
- Credential Theft
- Unauthorized Access
Affected Vendors
Palo Alto
Affected Products
- Palo Alto Networks Cortex XSOAR 6.1.0
- Palo Alto Networks Cortex XSOAR 6.2.0
- Palo Alto Networks PAN-OS 9.0.8
- Palo Alto Networks PAN-OS 8.1.15
- Palo Alto Networks PAN-OS 9.0.2 h4
Remediation
Refer to Palo Alto Networks Security Advisories for the patch, upgrade, or suggested workaround information.
For CVE-2021-3051
https://security.paloaltonetworks.com/CVE-2021-3051
For CVE-2021-3049
https://security.paloaltonetworks.com/CVE-2021-3049
For CVE-2021-3052
https://security.paloaltonetworks.com/CVE-2021-3052
For CVE-2021-3053
https://security.paloaltonetworks.com/CVE-2021-3053
For CVE-2021-3054
https://security.paloaltonetworks.com/CVE-2021-3054
For CVE-2021-3055