CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE
Published 2022-09-14
Updated 2022-09-14
Reference CPATR-16806
Discovered externally
Description
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
Product Status
Versions | Affected | Unaffected
Cortex XDR Agent 7.5 CE | < 7.5.101-CE on Windows | >= 7.5.101-CE
Cortex XDR Agent 7.8 | None | all
Cortex XDR Agent 7.7 | < 7.7.3 on Windows | >= 7.7.3
Cortex XDR Agent 5.0 | < 5.0.12-hotfix update on Windows | >= 5.0.12-hotfix update
Severity: MEDIUM
CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available.
Weakness Type
CWE-59 Improper Link Resolution Before File Access (‘Link Following’)
Solution
This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent.
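The fixed versions above can be applied to an agent inventory export. The following is an added example, not code from Palo Alto Networks; it assumes version strings of the form major.minor.patch with an optional suffix, and the function names, status labels and sample rows are constructed for illustration. Versions the advisory's table cannot settle from the number alone (a 7.5 build without a CE marker, or 5.0.12 without the hotfix marker) are flagged for manual verification.

```python
import re
from collections import Counter

# First fixed build per branch, from the advisory's Product Status table.
FIXED = {(7, 5): (7, 5, 101), (7, 7): (7, 7, 3), (5, 0): (5, 0, 12)}
UNAFFECTED_BRANCHES = {(7, 8)}  # table lists "None" affected, "all" unaffected

def triage(version, os_name="windows"):
    """Classify one agent version string against CVE-2022-0029."""
    if os_name.lower() != "windows":
        return "not-windows"      # the affected ranges are Windows-only
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unparsed"
    v = tuple(int(p) for p in m.groups())
    branch, tag = v[:2], version.lower()
    if branch in UNAFFECTED_BRANCHES:
        return "unaffected"
    if branch not in FIXED:
        return "not-listed"       # the advisory gives no status for this branch
    if branch == (7, 5) and "ce" not in tag:
        return "verify"           # the table row covers 7.5 CE builds only
    if v < FIXED[branch]:
        return "affected"
    if v == (5, 0, 12) and "hotfix" not in tag:
        return "verify"           # 5.0.12 is fixed only with the hotfix update
    return "unaffected"

def summarize(inventory):
    """Count triage results for (hostname, os, version) rows."""
    return Counter(triage(ver, os_name) for _host, os_name, ver in inventory)

# Constructed sample inventory, not real hosts.
SAMPLE = [
    ("ws-001", "Windows", "7.7.2.66464"),
    ("ws-002", "Windows", "7.5.101-CE"),
    ("ws-003", "Windows", "5.0.12"),
    ("ws-004", "Windows", "7.6.1"),
    ("lx-001", "Linux", "7.7.1"),
]

if __name__ == "__main__":
    for host, os_name, ver in SAMPLE:
        print(f"{host:8} {ver:14} {triage(ver, os_name)}")
```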
Acknowledgments
Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.
Timeline
2022-09-14 Initial publication