CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
Versions | Affected | Unaffected |
---|---|---|
Cortex XDR Agent 7.5 CE | < 7.5.101-CE on Windows | >= 7.5.101-CE |
Cortex XDR Agent 7.8 | None | all |
Cortex XDR Agent 7.7 | < 7.7.3 on Windows | >= 7.7.3 |
Cortex XDR Agent 5.0 | < 5.0.12-hotfix update on Windows | >= 5.0.12-hotfix update |
CVSSv3.1 Base Score:5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent.