Palo Alto Networks Security Advisories / CVE-2022-0029

CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

047910
Severity 5.5 · MEDIUM
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE

Description

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.

Product Status

VersionsAffectedUnaffected
Cortex XDR Agent 7.5 CE< 7.5.101-CE on Windows>= 7.5.101-CE
Cortex XDR Agent 7.8Noneall
Cortex XDR Agent 7.7< 7.7.3 on Windows>= 7.7.3
Cortex XDR Agent 5.0< 5.0.12-hotfix update on Windows>= 5.0.12-hotfix update

Severity:MEDIUM

CVSSv3.1 Base Score:5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available.

Weakness Type

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Solution

This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent.

Acknowledgments

Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.

Timeline

Initial publication
© 2022 Palo Alto Networks, Inc. All rights reserved.