CVE-2022-0029 — Link Following in Palo Alto Networks Cortex XDR Agent

CWE-59 — Link Following5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedSep 14

Latest updateNov 29

Description

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent5.0 — 5.0.12+2

▶CVEListV5palo_alto_networks/cortex_xdr_agent7.7 — 7.7.3+2

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

GHSA

GHSA-42jf-jcvf-jgrw: An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the s↗2022-09-15

▶

CVEList

Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File↗2022-09-14

▶

📋Vendor Advisories

VMware

VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2022-31693)↗2022-11-29

▶

Palo Alto

Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File↗2022-09-14

▶