CVE-2021-3033

Published Feb 10, 2021

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-347
psirt@paloaltonetworks.com: CWE-347

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:19.11:-:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7302C94-F996-4511-A8A3-EA4FFA70DD26"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:19.11:update_1:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4A34339-4AB2-400E-A1F3-07331AD83A2B"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:19.11:update_2:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BFDDC73-738A-440B-9B2E-0A4462271B47"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:20.04:-:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B676DB6-9678-41C1-9651-4CA2F046B56E"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:20.04:update_1:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59AAA3EF-F5E9-41D3-BD0B-9B5A95EB34B8"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:20.04:update_2:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87B38F1D-AD18-42D1-BD6A-7E328CCB7681"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:20.09:-:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E62836C0-BEE6-487A-8735-E45C8BB66D2A"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:20.09:update_1:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BFD1122-6B1F-4DD4-BA69-7407C20AD777"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:20.09:update_2:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B1B1538-52D7-4B2F-AB9B-3ADA8AEAE2CB"
          },
          {
            "criteria": "cpe:2.3:a:paloaltonetworks:prisma_cloud:20.12:-:*:*:compute:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "642F1AF9-1B6A-4215-B63E-4C19921F842D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References