By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Palo Alto Patches a Series of Vulnerabilities Impacting PAN-OS and Cortex XSOAR Platforms

Palo Alto has released patches for 5 high-severity vulnerabilities, including four impacting PAN-OS and one impacting Cortex XSOAR. Administrators are urged to apply updates ASAP. 

Vulnerability details 

Cortex XSOAR:

CVE-2021-3051 Authentication Bypass in SAML Authentication
A cryptographic validation issue allows for an attacker to bypass authentication if SAML authentication is enabled.
 
To Check if SAML is enabled, check Settings > Servers & Services and search for SAML.


PAN-OS:

CVE-2020-10188 Impact of Telnet Remote-Code-Execution (RCE) Vulnerability
This allows for remote attackers to execute remote code if the telnet-based administration interface is enabled.
 
CVE-2021-3052 Reflected Cross-Site Scripting (XSS) in Web Interface
With this vulnerability, an authenticated attacker can craft a specific link. If the link is clicked by a victim, this will perform arbitrary administrative actions as the victim user.
 
CVE-2021-3053 Exceptional Condition Denial-of-Service (DoS)
Due to improper exception handling, an unauthenticated network-based attacker can crash a PAN-OS device, or force it into maintenance mode.
 
CVE-2021-3054 Unsigned Code Execution During Plugin Installation Race Condition Vulnerability
This allows an authenticated administrator with permission to upload plugins to execute arbitrary code with root privileges.


Also Patched:

CVE-2021-3049 Improper Authorization of Incident Investigations Vulnerability, a low severity on Cortex XSOAR

CVE-2021-3055 XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface, a medium severity impacting PAN-OS.

Mitigation guidance

  • Upgrade platforms to mitigate vulnerabilities. Impacted and patched versions vary by CVE, so please review the advisories for additional details.
  • Disable Telnet based administrative interface on PAN-OS to alleviate CVE-2020-10188.

Resources

Palo Alto Security Advisories:
https://security.paloaltonetworks.com

Previous Post

Critical Remote Code Execution Vulnerability Impacts On-Premises Confluence Environments

Next Post

Attackers Exploit Microsoft Windows Remote Code Execution Vulnerability In The Wild

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.