Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Dridex Banking Trojan – Active IOCs
September 9, 2021Rewterz Threat Advisory – CVE-2021-3773 – OpenVPN for Linux and FreeBSD Security Vulnerability
September 10, 2021
Severity
High
Analysis Summary
CVE-2021-3051
Palo Alto Networks Cortex XSOAR could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic signature vulnerability in SAML authentication implementation. By sending a specially crafted request, an attacker could exploit this vulnerability to access protected resources and perform unauthorized actions.
CVE-2021-3049
Palo Alto Networks Cortex XSOAR could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to download files from the incident investigation.
CVE-2021-3052
Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the management web interface. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-3053
Palo Alto PAN-OS is vulnerable to a denial of service, caused by improper handling of exceptional conditions. By sending specifically-crafted traffic through the firewall, a remote attacker could exploit this vulnerability to cause the service to crash.
CVE-2021-3054
Palo Alto PAN-OS could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a time-of-check to time-of-use (TOCTOU) race condition vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVE-2021-3055
Palo Alto PAN-OS is vulnerable to a denial of service, caused by improper handling of XML external entity (XXE) declarations by the XML parser. By using a specially-crafted XML content, a remote attacker could exploit this vulnerability to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash
Impact
- Bypass Security
- Cross-site Scripting
- Code Execution
- Denial of Service
- Credential Theft
- Unauthorized Access
Affected Vendors
Palo Alto
Affected Products
- Palo Alto Networks Cortex XSOAR 6.1.0
- Palo Alto Networks Cortex XSOAR 6.2.0
- Palo Alto Networks PAN-OS 9.0.8
- Palo Alto Networks PAN-OS 8.1.15
- Palo Alto Networks PAN-OS 9.0.2 h4
Remediation
Refer to Palo Alto Networks Security Advisories for the patch, upgrade, or suggested workaround information.
For CVE-2021-3051
https://security.paloaltonetworks.com/CVE-2021-3051
For CVE-2021-3049
https://security.paloaltonetworks.com/CVE-2021-3049
For CVE-2021-3052
https://security.paloaltonetworks.com/CVE-2021-3052
For CVE-2021-3053
https://security.paloaltonetworks.com/CVE-2021-3053
For CVE-2021-3045
https://security.paloaltonetworks.com/CVE-2021-3054
For CVE-2021-3055