CVE-2021-3033
Description
An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.111
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 20.12 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 20.09-update_2 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 20.09-update_1 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 20.09 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 20.04-update_2 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 20.04-update_1 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 20.04 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 19.11-update_2 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 19.11-update_1 | NCM |
| Vulnerabilities CVE-2021-3033 are affected in prisma_cloud 19.11 | NCM |
| Improper Verification of Cryptographic Signature Vulnerability (CVE-2021-3033) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234