CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

Palo Alto Networks Security Advisories / CVE-2022-0029

CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

Severity 5.5 · MEDIUM

Attack Vector LOCAL

Scope UNCHANGED

Attack Complexity LOW

Confidentiality Impact HIGH

Privileges Required LOW

Integrity Impact NONE

User Interaction NONE

Availability Impact NONE

NVD JSON

Published 2022-09-14

Updated 2022-09-14

Reference CPATR-16806

Discovered externally

Description

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.

Product Status

Versions	Affected	Unaffected
Cortex XDR Agent 7.5 CE	< 7.5.101-CE on Windows	>= 7.5.101-CE
Cortex XDR Agent 7.8	None	All
Cortex XDR Agent 7.7	< 7.7.3 on Windows	>= 7.7.3
Cortex XDR Agent 5.0	< 5.0.12-hotfix update on Windows	>= 5.0.12-hotfix update

Severity: MEDIUM

CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available.

Weakness Type

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Solution

This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent.

Acknowledgments

Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.

Timeline

2022-09-14 Initial publication