Palo Alto has released patches for five high-severity vulnerabilities: four impacting PAN-OS and one impacting Cortex XSOAR. Administrators are urged to apply updates ASAP.
Vulnerability details
Cortex XSOAR:
CVE-2021-3051 Authentication Bypass in SAML Authentication
A cryptographic validation issue allows an attacker to bypass authentication if SAML authentication is enabled.
To check whether SAML is enabled, go to Settings > Servers & Services and search for SAML.
PAN-OS:
CVE-2020-10188 Impact of Telnet Remote-Code-Execution (RCE) Vulnerability
This allows remote attackers to execute code remotely if the Telnet-based administration interface is enabled.
CVE-2021-3052 Reflected Cross-Site Scripting (XSS) in Web Interface
With this vulnerability, an authenticated attacker can craft a specific link that, when clicked by a victim, performs arbitrary administrative actions as the victim user.
CVE-2021-3053 Exceptional Condition Denial-of-Service (DoS)
Due to improper exception handling, an unauthenticated network-based attacker can crash a PAN-OS device or force it into maintenance mode.
CVE-2021-3054 Unsigned Code Execution During Plugin Installation Race Condition Vulnerability
This allows an authenticated administrator with permission to upload plugins to execute arbitrary code with root privileges.
Also Patched:
CVE-2021-3049 Improper Authorization of Incident Investigations Vulnerability, a low-severity issue in Cortex XSOAR.
CVE-2021-3055 XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface, a medium-severity issue impacting PAN-OS.
Mitigation guidance
- Upgrade platforms to mitigate vulnerabilities. Impacted and patched versions vary by CVE, so please review the advisories for additional details.
- Disable the Telnet-based administrative interface on PAN-OS to mitigate CVE-2020-10188.
Resources
Palo Alto Security Advisories:
https://security.paloaltonetworks.com