CVE-2022-0026Improper Ownership Management in Palo Alto Networks Cortex XDR Agent

CWE-282Improper Ownership Management5 documents5 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 89.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Cortex XDR AgentPaloaltonetworks Cortex XDR AgentPaloalto Cortex XDR Agent
Timeline
PublishedMay 11
Latest updateOct 11

Description

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5palo_alto_networks/cortex_xdr_agent6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-q2c9-rxg9-v5jf: A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local2022-05-12
CVEList
Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability2022-05-11

📋Vendor Advisories

2
VMware
VMware vRealize Operations patches address an arbitrary file read vulnerability (CVE-2022-31682).2022-10-11
Palo Alto
Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability2022-05-11
CVE-2022-0026 — Improper Ownership Management in Palo | cvebase