CVE-2022-0025Uncontrolled Search Path Element in Palo Alto Networks Cortex XDR Agent

CWE-427Uncontrolled Search Path Element5 documents5 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 86.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Cortex XDR AgentPaloaltonetworks Cortex XDR AgentPaloalto Cortex XDR Agent
Timeline
PublishedMay 11
Latest updateOct 6

Description

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other p

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

NVDpaloaltonetworks/cortex_xdr_agent7.7.07.7.1.62043
CVEListV5palo_alto_networks/cortex_xdr_agent7.77.7.1.62043 without CU-500

🔴Vulnerability Details

2
GHSA
GHSA-vfc6-3mw5-mv5q: A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local2022-05-12
CVEList
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability2022-05-11

📋Vendor Advisories

2
VMware
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)2022-10-06
Palo Alto
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability2022-05-11
CVE-2022-0025 — Uncontrolled Search Path Element | cvebase