CVE-2022-0014: Untrusted Search Path in Palo Alto Networks Cortex XDR Agent

Severity
NVD: 7.3 HIGH
CNA: 6.7
EPSS: 0.0% (top 86.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12; latest update May 18

Description

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9

Affected Packages: 3 packages

🔴 Vulnerability Details (2)

GHSA, 2022-01-13: GHSA-g6g5-57j8-8359: An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in
CVEList, 2022-01-12: Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session

📋 Vendor Advisories (2)

VMware, 2022-05-18: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
Palo Alto, 2022-01-12: Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session