CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.
|Cortex XSOAR 6.9||< 18.104.22.168766 on Linux, <= 22.214.171.12487847 on Linux||>= 126.96.36.199766 on Linux|
|Cortex XSOAR 6.8||all|
|Cortex XSOAR 6.6||all|
|Cortex XSOAR 6.5||all|
Required Configuration for Exposure
This issue is applicable only to Cortex XSOAR engine software running on a Linux operating system that was installed through the shell method.
Please see the following link for more Cortex XSOAR engine installation information:
CVSSv3.1 Base Score:6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.
NOTE: The build numbers for Cortex XSOAR software releases have changed format. Please consider the new format when evaluating version applicability. Cortex XSOAR release documentation is available at the following link: https://docs.paloaltonetworks.com/cortex/cortex-xsoar.
Workarounds and Mitigations
There are no known workarounds for this issue.