CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.
| Versions | Affected | Unaffected |
| --- | --- | --- |
| Cortex XSOAR 6.9 | < 6.9.0.130766 on Linux, <= 220.127.116.1187847 on Linux | >= 6.9.0.130766 on Linux |
| Cortex XSOAR 6.8 | all | |
| Cortex XSOAR 6.6 | all | |
| Cortex XSOAR 6.5 | all | |
Required Configuration for Exposure
This issue is applicable only to Cortex XSOAR engine software running on a Linux operating system that was installed through the shell method.
Please see the following link for more Cortex XSOAR engine installation information:
CVSSv3.1 Base Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
CWE-345 Insufficient Verification of Data Authenticity
This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.
NOTE: The build numbers for Cortex XSOAR software releases have changed format. Please consider the new format when evaluating version applicability. Cortex XSOAR release documentation is available at the following link: https://docs.paloaltonetworks.com/cortex/cortex-xsoar.
Workarounds and Mitigations
There are no known workarounds for this issue.