PT-2021-2221 · Palo Alto Networks · Palo Alto Networks Prisma Cloud Compute

Published 2021-02-10 · Updated 2021-02-17 · CVE-2021-3033

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks Prisma Cloud Compute versions 19.11 through 20.09
Palo Alto Networks Prisma Cloud Compute version 20.12 before update 1
Description
An improper verification of cryptographic signature issue exists in the Palo Alto Networks Prisma Cloud Compute console, enabling an attacker to bypass signature validation during SAML authentication. The console relies on the identity provider's signature to decide whose SAML assertion it is accepting, so a remote attacker who can reach the console login and submit a crafted SAML response can log in as any authorized user without that user's credentials. Only consoles with SAML authentication enabled expose this path; the advisory does not say which step of the signature check was at fault.
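As an added illustration of the weakness class, and not code from the advisory or from Prisma Cloud Compute (whose actual flawed check is not described), the Python below contrasts a SAML-style login handler that fails open when the Signature element is absent with one that fails closed. A toy XML assertion and an HMAC-SHA256 tag stand in for a real XML-DSig over a canonicalised SAML Assertion; the key, element names and the fail-open defect itself are constructed for the example and are assumptions, not facts about the product.

```python
"""CWE-347 illustration in a SAML-style login flow. Constructed example:
a toy assertion format and an HMAC-SHA256 "signature" stand in for a real
XML-DSig over a canonicalised SAML Assertion. Not Prisma Cloud Compute code."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

# Assumed shared secret standing in for the IdP signing key that the service
# provider trusts. Constructed for the example.
IDP_KEY = b"example-idp-signing-key"


def canon(el: ET.Element) -> bytes:
    """Deterministic serialisation of one element (toy stand-in for C14N)."""
    return ET.tostring(el, encoding="utf-8")


def sign(data: bytes, key: bytes = IDP_KEY) -> str:
    """Toy signature: HMAC-SHA256 hex tag over the canonical bytes."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_response(name_id: str, signed: bool = True, key: bytes = IDP_KEY) -> str:
    """Build a minimal <Response> carrying one <Assertion>. With signed=False
    the Signature element is simply omitted, as an attacker-supplied
    response would be."""
    assertion = ET.Element("Assertion", ID="_a1")
    ET.SubElement(ET.SubElement(assertion, "Subject"), "NameID").text = name_id
    body = canon(assertion).decode()
    if signed:
        body += "<Signature>%s</Signature>" % sign(canon(assertion), key)
    return "<Response>%s</Response>" % body


def _name_id(assertion: ET.Element) -> Optional[str]:
    node = assertion.find("Subject/NameID")
    return node.text if node is not None else None


def vulnerable_login(response_xml: str) -> Optional[str]:
    """Fails open: a response with no Signature element is treated as
    'nothing to verify' and the NameID is trusted as-is."""
    root = ET.fromstring(response_xml)
    assertion = root.find("Assertion")
    if assertion is None:
        return None
    sig = root.find("Signature")
    # Only a *wrong* signature is rejected; a *missing* one sails through.
    if sig is not None and sig.text != sign(canon(assertion)):
        return None
    return _name_id(assertion)


def hardened_login(response_xml: str) -> Optional[str]:
    """Fails closed: a signature must be present, must verify over exactly
    the Assertion element whose NameID is then used, and is compared in
    constant time."""
    root = ET.fromstring(response_xml)
    assertion = root.find("Assertion")
    sig = root.find("Signature")
    if assertion is None or sig is None or not sig.text:
        return None
    if not hmac.compare_digest(sig.text, sign(canon(assertion))):
        return None
    return _name_id(assertion)


if __name__ == "__main__":
    forged = build_response("admin", signed=False)
    print("vulnerable:", vulnerable_login(forged))  # admin (bypass)
    print("hardened:  ", hardened_login(forged))    # None
```

Running the file shows the unsigned response for "admin" being accepted by vulnerable_login and rejected by hardened_login, while a signed response whose NameID is edited after signing is rejected by both. In a real service provider the same three checks apply: require the signature, verify it against the trusted IdP certificate over exactly the element whose attributes are consumed, and reject on any failure rather than skipping the check.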
Recommendations
Upgrade Prisma Cloud Compute to version 20.12 update 1 or a later release; this applies to every affected release (19.11 through 20.09, and 20.12 before update 1), since releases between 20.09 and 20.12 update 1 are still affected. Until the upgrade is applied, disable or otherwise restrict SAML authentication on the console so that logins do not depend on the flawed check, and limit network access to the console to trusted administrators. Because a successful bypass yields a session as any authorized user, review the console's login audit records for SAML logins from unexpected sources during the exposure window.

Fix
Upgrade to Prisma Cloud Compute 20.12 update 1 or later.

Weakness Enumeration
CWE-347: Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2021-01130
CVE-2021-3033

Affected Products

Palo Alto Networks Prisma Cloud Compute