Security Advisory 2021-035

Release Date:

Multiple Palo Alto Vulnerabilities



  • 15/07/2021 --- v1.0 -- Initial publication


On July 14, Palo Alto published security advisories about two vulnerabilities rated as high [1], CVE-2021-3042 [2] and CVE-2021-3043 [4], affecting Cortex XDR Agent and Prisma Cloud respectively.

Technical details


The vulnerability identified as CVE-2021-3042 [2] allows authenticated local Windows users to run programs with SYSTEM privileges due to improper control of a user-controlled file [3]. To exploit this vulnerability, the local user needs file creation privileges in the Windows root directory [2].


The vulnerability identified as CVE-2021-3043 [4] is a reflected cross-site scripting (XSS) vulnerability [5] in the Prisma Cloud Compute web console. It enables an attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.

Products affected


The following product versions are affected if they do not have content update 181 or later:

  • Cortex XDR Agent 7.3
  • Cortex XDR Agent 7.2
  • Cortex XDR Agent 6.1

Cortex XDR Agent 5 is not affected at all.


  • Prisma Cloud Compute 21.04: versions earlier than 21.04.439 are affected; 21.04.439 and later versions are not affected
  • Prisma Cloud Compute 20.12: versions earlier than 20.12.552 are affected; 20.12.552 and later versions are not affected


Palo Alto recommends updating Cortex XDR agent 6.1, 7.2, 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.

Palo Alto recommends updating Prisma Cloud Compute to 20.12.552, 21.04.439, or any later Prisma Cloud Compute version. Palo Alto also stated that Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release, so no additional action is required for these instances.


CVE-2021-3042 is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory.
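
One way to check whether this mitigation is in place on a host is sketched below. This is an added example, not code from Palo Alto or from this advisory. It assumes the "Windows root directory" is the root of the system drive, and the list of privileged SIDs is an assumed allow-list to adapt locally.

```powershell
# Added example: audit for the CVE-2021-3042 mitigation.
# Assumption: the "Windows root directory" is the root of the system drive.
$root = "$env:SystemDrive\"

# Principals expected to hold write access (assumed allow-list; adjust locally).
$privilegedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal create a file in the folder itself:
# CreateFiles (0x2), GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
# AppendData (create subfolders) is deliberately not included.
$createMask  = 0x2 -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$acl   = Get-Acl -LiteralPath $root
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    # Inherit-only ACEs apply to children, not to the root folder itself.
    if ($rule.PropagationFlags -band $inheritOnly) { continue }
    if (-not ([int]$rule.FileSystemRights -band $createMask)) { continue }
    $sid = $rule.IdentityReference.Value
    if ($privilegedSids -contains $sid) { continue }

    # Resolve the SID to a name for the report; keep the SID if that fails.
    try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid }

    [pscustomobject]@{
        Principal = $name
        Sid       = $sid
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

if ($findings) {
    Write-Warning "Non-privileged principals can create files in $root"
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "No non-privileged Allow ACE grants file creation in $root"
```

Deny ACEs are not evaluated, so a reported grant may still be blocked by an explicit deny; treat each finding as an entry to review rather than as proof of exposure.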






