CVE-2021-3033 CRITICAL

CVE-2021-3033: Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console

Vendor: Palo Alto Networks
Product: Prisma Cloud Compute
Weakness: CWE-347
Published: February 10, 2021
Last update: September 17, 2024

CVSS base score

9.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication and log in to the Prisma Cloud Compute console as any authorized user. This issue impacts all versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09, as well as Prisma Cloud Compute 20.12 before update 1. The Prisma Cloud Compute SaaS version is not impacted by this vulnerability.

Key dates

02 Disclosure timeline

February 10, 2021: CVE published
September 17, 2024: Record updated