CVE-2022-0015 — Uncontrolled Search Path Element in Palo Alto Networks Cortex XDR Agent

CWE-427 — Uncontrolled Search Path Element5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 84.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedJan 12

Latest updateMay 24

Description

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent5.0 — 5.0.12+1

▶CVEListV5palo_alto_networks/cortex_xdr_agent5.0 — 5.0.12+1

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

GHSA

GHSA-68c7-78j8-wc59: A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute↗2022-01-13

▶

CVEList

Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability↗2022-01-12

▶

📋Vendor Advisories

VMware

VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977)↗2022-05-24

▶

Palo Alto

Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability↗2022-01-12

▶