CVE-2022-0031: CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

Palo Alto Networks Security Advisories / CVE-2022-0031

Attack Vector LOCAL

Scope UNCHANGED

Attack Complexity LOW

Confidentiality Impact HIGH

Privileges Required HIGH

Integrity Impact HIGH

User Interaction NONE

Availability Impact HIGH

NVD JSON

Published 2022-11-09

Updated 2022-11-09

Reference CRTX-57476

Discovered externally

Description

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

Product Status

Versions

Affected

Unaffected

Cortex XSOAR 6.9

< 6.9.0.130766 on Linux

>= 6.9.0.130766 on Linux

Cortex XSOAR 6.8

all

Cortex XSOAR 6.6

all

Cortex XSOAR 6.5

all

Required Configuration for Exposure

This issue is applicable only to Cortex XSOAR engine software running on a Linux operating system that was installed through the shell method.

Please see the following link for more Cortex XSOAR engine installation information:

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-admin/engines/install-deploy-and-configure-demisto-engines

Severity:MEDIUM

CVSSv3.1 Base Score:6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-345 Insufficient Verification of Data Authenticity

Solution

This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks Olivier Caillault for discovering and reporting this issue.

Timeline

2022-11-09 Initial publication