Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

submitted by
Style Pass
2021-06-23 21:00:10

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in.

Found internally by Palo Alto, the bug (CVE-2021-3044) is an improper-authorization vulnerability that “enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API,” according to the security vendor’s Tuesday advisory. It rates 9.8 out of 10 on the CVSS vulnerability-severity scale.

Cortex XSOAR is a cybersecurity defense platform used in a variety of use cases, including security operations automation, threat-intelligence management, automated ransomware remediation and cloud-security orchestration, according to Palo Alto’s website. SOAR stands for “security orchestration, automation and response,” and in Palo Alto’s case the term is used to mean taking a unified approach to centralizing threat intelligence and security alerts across sources. The Cortex platform also implements automated workflows and response playbooks, and allows real-time collaboration between teams.