CVE-2021-3043 in Prisma Cloud Compute

Summary

by MITRE • 07/15/2021

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.


Analysis

by VulDB Data Team • 07/19/2021

This reflected cross-site scripting vulnerability in Prisma Cloud Compute is a critical flaw in the web console's handling of user-supplied input parameters. It specifically affects the administrative web interface where authenticated users interact with the system, giving a remote adversary a way to inject malicious JavaScript into the browser environment. The flaw arises when the application fails to sanitize or encode user-supplied input before reflecting it back to the browser, allowing an attacker to execute arbitrary script within the context of the authenticated administrator's session. The weakness is classified under CWE-79, which covers improper neutralization of input during web page generation, a primary concern for web application security.
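The paragraph above describes the CWE-79 pattern in general terms: a request parameter is written into the HTML response without encoding. The following is an added illustration of that pattern and of the fix, written for this page; it is not Prisma Cloud Compute code and does not reflect how that product's console is implemented. The page builder, the `q` parameter name, the sample input and the security-header helper are all assumptions made for the example.

```javascript
// Added example (not Prisma Cloud Compute code): a reflected query parameter
// rendered into an HTML response, shown first with the CWE-79 defect and then
// with context-aware output encoding applied.

// Encode a value for insertion into an HTML text node or a quoted attribute.
// Every character that can change HTML structure is replaced by an entity.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable rendering: the parameter is concatenated into the page verbatim,
// so any markup it contains becomes part of the document the browser parses.
function renderSearchPageVulnerable(q) {
  return `<h1>Results for ${q}</h1>`;
}

// Hardened rendering: the same page, but the reflected value is encoded for
// the HTML text context before it reaches the response body.
function renderSearchPageSafe(q) {
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Defense-in-depth layer (assumed header set, not the product's own): a
// Content-Security-Policy that disallows inline script limits what a reflected
// payload could do even if an encoding bug slipped through elsewhere.
function securityHeaders() {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Review-time check: does the rendered page still contain a raw <script> tag
// (or any other unencoded angle bracket) that originated from the input?
function reflectsRawMarkup(html, input) {
  return /[<>]/.test(input) && html.includes(input);
}

// Constructed sample input containing markup characters; it is not taken
// from any real request or advisory.
const SAMPLE_INPUT = '</h1><script>x()</script>';

// Stand-alone demonstration of both renderers side by side.
function demo() {
  const vulnerable = renderSearchPageVulnerable(SAMPLE_INPUT);
  const safe = renderSearchPageSafe(SAMPLE_INPUT);
  return {
    vulnerable,
    safe,
    vulnerableReflectsMarkup: reflectsRawMarkup(vulnerable, SAMPLE_INPUT), // true
    safeReflectsMarkup: reflectsRawMarkup(safe, SAMPLE_INPUT),             // false
    headers: securityHeaders(),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Note that `escapeHtml` is correct only for HTML text and quoted-attribute contexts; a value placed inside a `<script>` block, a URL, or a CSS rule needs a different encoder for that context, which is why templating libraries that escape per context are preferable to hand-rolled concatenation.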

The operational impact of this vulnerability extends beyond simple code execution, as it enables an attacker to escalate privileges and gain unauthorized access to sensitive administrative functions within the Prisma Cloud Compute environment. An attacker who successfully exploits it could drive the web console to perform actions such as creating new users, modifying security policies, accessing confidential data, or even compromising the underlying infrastructure that Prisma Cloud Compute manages. Because the XSS is reflected, the malicious payload must be delivered through a crafted URL or input parameter that the application then reflects back to the user's browser without proper sanitization. This attack pattern aligns with ATT&CK technique T1059.007, which describes the use of scripting languages for code execution in web applications.

The vulnerability affects specific versions of Prisma Cloud Compute, namely 20.12 versions prior to 20.12.552 and 21.04 versions prior to 21.04.439, indicating that the issue was present in the software's input validation mechanisms during those release cycles. Organizations running these vulnerable versions face significant risk, as the attack requires only a single authenticated session to be compromised, making the attack surface relatively small yet highly impactful. The automatic upgrade of Prisma Cloud Compute SaaS versions indicates that the vendor recognized the severity of the issue and implemented remediation that required no manual intervention from customers. For on-premises deployments, however, administrators must update their systems to the patched versions themselves to mitigate the risk. The remediation process should include thorough testing of the updated environment to confirm that the XSS vulnerability has been addressed without introducing regressions in other functionality. Security teams should also monitor for suspicious user activity and consider additional layers of protection, such as web application firewalls, to detect and block exploitation attempts.

Reservation

01/06/2021

Disclosure

07/15/2021

Moderation

accepted

CPE

ready

EPSS

0.00634

KEV

no

Activities

very low
