Rewterz Threat Advisory – VMware VSphere Replication command execution
February 12, 2021Rewterz Threat Advisory – Trend Micro Security 2020 and 2021 families code execution
February 12, 2021Rewterz Threat Advisory – VMware VSphere Replication command execution
February 12, 2021Rewterz Threat Advisory – Trend Micro Security 2020 and 2021 families code execution
February 12, 2021Severity
High
Analysis Summary
CVE-2021-3033
Palo Alto Networks Prisma Cloud Compute console could allow a remote attacker to bypass security restrictions, caused by an improper verification of cryptographic signature vulnerability. By logging in to the Prisma Cloud Compute console as any authorized user, an attacker could exploit this vulnerability to bypass signature validation during SAML authentication.
Impact
Security bypass
Affected Vendors
Palo Alto
Affected Products
- Palo Alto Networks Prisma Cloud Compute 20.12 1
- Palo Alto Networks Prisma Cloud Compute 20.09 2
- Palo Alto Networks Prisma Cloud Compute 20.04 2
- Palo Alto Networks Prisma Cloud Compute 19.11 2
Remediation
Palo Alto recommends users to update to the latest version of Prisma Cloud Compute 20.12 update 1 and all later versions.