Learn about CVE-2021-3034 impacting Cortex XSOAR, where secrets for SAML single sign-on (SSO) integration may be logged in system logs. Understand the impact, technical details, and mitigation steps.
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.
Understanding CVE-2021-3034
This vulnerability in Cortex XSOAR software can potentially expose sensitive information when setting up the SAML single sign-on integration.
What is CVE-2021-3034?
CVE-2021-3034 is an information exposure vulnerability in Cortex XSOAR. It allows secrets configured for the SAML SSO integration to be logged in system logs during the integration testing process.
The Impact of CVE-2021-3034
The impact of this vulnerability includes exposing private keys and identity provider certificates, compromising the confidentiality of the SAML SSO integration setup.
Technical Details of CVE-2021-3034
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability allows secrets configured for the SAML SSO integration in Cortex XSOAR to be logged in system logs, potentially exposing sensitive information.
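To check whether a server's logs already hold this material, the following added example (not code from Palo Alto Networks or from the original page) scans '/var/log/demisto/' for PEM headers and reports file, line number and key type without printing the secret. It assumes the key and certificate were logged as PEM text; the function names and sample lines are constructed for illustration.

```python
import gzip
import re
from pathlib import Path

LOG_DIR = Path("/var/log/demisto")  # server log directory named in the advisory

# Assumption: the logged key and IdP certificate appear as PEM text.
# The advisory does not describe the log line format.
PEM_HEADER = re.compile(
    r"-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY|CERTIFICATE)-----"
)

def scan_lines(name, lines):
    """Return (file, line_no, kind) per PEM header; the secret is never copied."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for match in PEM_HEADER.finditer(line):
            hits.append((name, line_no, match.group(1)))
    return hits

def scan_dir(log_dir=LOG_DIR):
    """Scan plain and gzip-rotated files under log_dir, skipping unreadable ones."""
    hits = []
    for path in sorted(Path(log_dir).rglob("*")):
        if not path.is_file():
            continue
        opener = gzip.open if path.suffix == ".gz" else open
        try:
            with opener(path, "rt", errors="replace") as fh:
                hits.extend(scan_lines(str(path), fh))
        except (OSError, EOFError):
            continue  # permission denied, truncated or corrupt archive
    return hits

# Constructed sample lines (not real XSOAR output, no real key material).
SAMPLE = [
    "2021-01-01 10:00:00 info SAML test started",
    '2021-01-01 10:00:01 debug params={"key":"-----BEGIN PRIVATE KEY-----\\nPLACEHOLDER"}',
    '2021-01-01 10:00:01 debug idp="-----BEGIN CERTIFICATE-----\\nPLACEHOLDER"',
]

if __name__ == "__main__":
    for file_name, line_no, kind in scan_dir():
        print(f"{file_name}:{line_no}: {kind} logged")
```

Run it as a user that can read the log directory; any private-key hit means that key should be treated as exposed and replaced.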
Affected Systems and Versions
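The affected versions are Cortex XSOAR 5.5.0 builds earlier than 98622, 6.0.1 builds earlier than 830029, 6.0.2 builds earlier than 98623, and 6.1.0 builds earlier than 848144.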
Exploitation Mechanism
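The secrets are written to the '/var/log/demisto/' server logs when the integration is tested during setup, so they are exposed to anyone who can read those logs. Palo Alto Networks is not aware of any malicious exploitation of this vulnerability.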
Mitigation and Prevention
To address CVE-2021-3034, follow these mitigation and prevention measures.
Immediate Steps to Take
Configure a new private key for the SAML SSO integration and avoid using the 'Test' button during setup until after completing the Cortex XSOAR upgrade.
Long-Term Security Practices
Regularly update and patch your Cortex XSOAR appliance to the latest version to avoid exposure to known vulnerabilities.
Patching and Updates
Upgrade Cortex XSOAR to 5.5.0 build 98622, 6.0.1 build 830029, 6.0.2 build 98623, 6.1.0 build 848144, or a later version to mitigate the vulnerability.