Palo Alto Networks Security Advisories / CVE-2022-0026

CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability

Severity: 6.7 · MEDIUM
Attack Vector: LOCAL
Scope: UNCHANGED
Attack Complexity: LOW
Confidentiality Impact: HIGH
Privileges Required: HIGH
Integrity Impact: HIGH
User Interaction: NONE
Availability Impact: HIGH

Description

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges.

This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
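
The precondition named above, file creation privilege in the Windows root directory, can be inventoried per host. The PowerShell below is an added example, not Palo Alto Networks code, and it assesses exposure only; it is not a workaround. It assumes the root directory is the system drive root and treats SYSTEM, Administrators and TrustedInstaller as the expected writers; the function name `Get-RootFileCreators` is hypothetical.

```powershell
# Added example (not vendor code): report principals, other than the expected
# administrative ones, whose ACEs allow creating files directly in the drive root.
function Get-RootFileCreators {
    param(
        # Assumption: the "Windows root directory" is the system drive root, e.g. C:\
        [string]$Root = "$env:SystemDrive\"
    )

    # Well-known SIDs treated here as expected writers (an assumption of this example).
    $expected = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
    )

    # CreateFiles/WriteData (0x2), plus GENERIC_WRITE and GENERIC_ALL, which imply it.
    $writeMask   = 0x2 -bor 0x40000000 -bor 0x10000000
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -LiteralPath $Root).GetAccessRules($true, $true, $sidType)

    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }   # deny ACEs are not evaluated
        # Inherit-only ACEs apply to children, not to the root folder itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

        $sid = $ace.IdentityReference.Value
        if ($expected -contains $sid) { continue }

        # Resolve the SID to a name where possible; keep the raw SID otherwise.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Root      = $Root
            Identity  = $name
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

Get-RootFileCreators | Format-Table -AutoSize
```

Because deny entries are skipped, the output can overstate effective access; any identity it lists is a candidate for the precondition and worth reviewing on agents that have not yet received content update 330.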

Product Status

| Versions | Affected | Unaffected |
|---|---|---|
| Cortex XDR Agent 7.5 CE | 7.5.* without CU-330 on Windows | 7.5.* with CU-330 on Windows |
| Cortex XDR Agent 7.7 | 7.7.* without CU-330 on Windows | 7.7.* with CU-330 on Windows |
| Cortex XDR Agent 7.6 | 7.6.* without CU-330 on Windows | 7.6.* with CU-330 on Windows |
| Cortex XDR Agent 7.5 | 7.5.* without CU-330 on Windows | 7.5.* with CU-330 on Windows |
| Cortex XDR Agent 7.4 | 7.4.* without CU-330 on Windows | 7.4.* with CU-330 on Windows |
| Cortex XDR Agent 6.1 | 6.1.* without CU-330 on Windows | 6.1.* with CU-330 on Windows |

Severity: MEDIUM

CVSSv3.1 Base Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-282 Improper Ownership Management

Solution

This issue is fixed in all Cortex XDR agent versions with content update 330 and later content update versions.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks Xavier DANEST of Decathlon and Yasser Alhazmi for discovering and reporting this issue.

Timeline

Initial publication