---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Critical Vulnerability in PaloAlto Cortex'
version: '1.0'
number: '2021-029'
date: 'June 24, 2021'
---

_History:_

* _24/06/2021 --- v1.0 -- Initial publication_

# Summary

On the 22nd of June 2021, Palo Alto Networks released a security advisory to address a vulnerability in Palo Alto Networks Cortex XSOAR. The severity is **critical**, with a CVSSv3.1 base score of 9.8 [1].

# Technical Details

An improper authorisation vulnerability in some versions of Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorised actions through the REST API [1].

The vulnerability received CVE-2021-3044 [2].

# Products Affected

- Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064;
- Cortex XSOAR 6.2.0 builds earlier than 1271065.

# Recommendations

This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions.

CERT-EU recommends updating the vulnerable application as soon as possible.

## Workarounds and Mitigations

To fully mitigate the impact of this issue, all active integration API keys must be revoked. To revoke integration API keys from the Cortex XSOAR web client, go to _Settings_ > _Integration_ > _API Keys_ and then _Revoke_ each API key. You can create new API keys after you upgrade Cortex XSOAR to a fixed version.

Restricting network access to the Cortex XSOAR server so that only trusted users can reach it also reduces the impact of this issue.

Please refer to [1] for more details.

# References

[1]

[2]