Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-3282: CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.

CVE
Open in Source
#vulnerability#linux#js

Palo Alto Networks Security Advisories / CVE-2023-3282

Urgency MODERATE

Response Effort MODERATE

Recovery USER

Value Density CONCENTRATED

Attack Vector LOCAL

Attack Complexity HIGH

Attack Requirements PRESENT

Automatable NO

User Interaction NONE

Product Confidentiality NONE

Product Integrity NONE

Product Availability NONE

Privileges Required HIGH

Subsequent Confidentiality HIGH

Subsequent Integrity HIGH

Subsequent Availability HIGH

NVD JSON

Published 2023-11-08

Updated 2023-11-08

Reference CRTX-70551

Discovered externally

Description

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.

Product Status

Versions

Affected

Unaffected

Cortex XSOAR 8

None

All

Cortex XSOAR 6.12

None

All

Cortex XSOAR 6.11

None

All

Cortex XSOAR 6.10

< 6.10.0.250144 on Linux

>= 6.10.0.250144 on Linux

Required Configuration for Exposure

This issue is applicable only to Cortex XSOAR engines installed through the shell method that are running on a Linux operating system.

Please see the following link for more Cortex XSOAR engine installation information:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Install-a-Cortex-XSOAR-Engine

Severity: MEDIUM

CVSSv4.0 Base Score: 4.9 (CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-732 Incorrect Permission Assignment for Critical Resource

Solution

This issue is fixed in deployed Cortex XSOAR engines when an updated engine installer is created and used to upgrade the engine from Cortex XSOAR 6.10 build B250144 and all later builds of Cortex XSOAR.

Acknowledgments

Palo Alto Networks thanks Romeo Benzoni for discovering and reporting this issue.

Timeline

2023-11-08 Initial publication

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE