CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
Attack Vector LOCAL
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
|Cortex XDR Agent 7.5 CE||< 7.5.101-CE on Windows||>= 7.5.101-CE|
|Cortex XDR Agent 7.8||None||all|
|Cortex XDR Agent 7.7||< 7.7.3 on Windows||>= 7.7.3|
|Cortex XDR Agent 5.0||< 5.0.12-hotfix update on Windows||>= 5.0.12-hotfix update|
CVSSv3.1 Base Score:5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent.
Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.