Palo Alto Networks Security Advisories / CVE-2022-0029

CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

Severity 5.5 · MEDIUM
Attack Vector LOCAL
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE


An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.

Product Status

Cortex XDR Agent 7.5 CE< 7.5.101-CE on Windows>= 7.5.101-CE
Cortex XDR Agent 7.8Noneall
Cortex XDR Agent 7.7< 7.7.3 on Windows>= 7.7.3
Cortex XDR Agent 5.0< 5.0.12-hotfix update on Windows>= 5.0.12-hotfix update

Severity: MEDIUM

CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available.

Weakness Type

CWE-59 Improper Link Resolution Before File Access ('Link Following')


This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent.


Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.