Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-0026: CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.

CVE
Open in Source
#vulnerability#windows#js#auth

Palo Alto Networks Security Advisories / CVE-2022-0026

Attack Vector LOCAL

Scope UNCHANGED

Attack Complexity LOW

Confidentiality Impact HIGH

Privileges Required HIGH

Integrity Impact HIGH

User Interaction NONE

Availability Impact HIGH

NVD JSON

Published 2022-05-11

Updated 2022-05-11

Reference CPATR-13696 and CPATR-13873

Discovered externally

Description

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges.

This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.

Product Status

Versions

Affected

Unaffected

Cortex XDR Agent 7.5 CE

7.5.* without CU-330 on Windows

7.5.* with CU-330 on Windows

Cortex XDR Agent 7.7

7.7.* without CU-330 on Windows

7.7.* with CU-330 on Windows

Cortex XDR Agent 7.6

7.6.* without CU-330 on Windows

7.6.* with CU-330 on Windows

Cortex XDR Agent 7.5

7.5.* without CU-330 on Windows

7.5.* with CU-330 on Windows

Cortex XDR Agent 7.4

7.4.* without CU-330 on Windows

7.4.* with CU-330 on Windows

Cortex XDR Agent 6.1

6.1.* without CU-330 on Windows

6.1.* with CU-330 on Windows

Severity:MEDIUM

CVSSv3.1 Base Score:6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-282 Improper Ownership Management

Solution

This issue is fixed in all Cortex XDR agent versions with content update 330 and later content update versions.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks Xavier DANEST of Decathlon and Yasser Alhazmi for discovering and reporting this issue.

Timeline

2022-05-11 Initial publication

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE