CVE-2022-0012 — Link Following in Palo Alto Networks Cortex XDR Agent

CWE-59 — Link Following CWE-825 — Expired Pointer Dereference5 documents5 sources

Severity

7.1HIGHNVD

CNA6.1

EPSS

0.0%

top 88.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedJan 12

Latest updateJan 13

Description

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agen…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent5.0 — 5.0.12+3

▶CVEListV5palo_alto_networks/cortex_xdr_agent5.0 — 5.0.12+3

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

GHSA

GHSA-pfmg-rqq5-8mr8: An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a loc↗2022-01-13

▶

CVEList

Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability↗2022-01-12

▶

📋Vendor Advisories

Palo Alto

Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability↗2022-01-12

▶