CVE-2022-0015 - OpenCVE

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Cortex Xdr Agent

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2022-0015	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-01-12T00:00:00

Updated: 2022-01-12T17:30:20

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0015

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-12T18:15:08.197

Modified: 2022-01-19T19:22:43.423

Link: CVE-2022-0015

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"containers": {"cna": {"affected": [{"product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "7.2.*"}, {"status": "unaffected", "version": "7.3.*"}, {"status": "unaffected", "version": "7.4.*"}, {"status": "unaffected", "version": "7.5.*"}, {"status": "unaffected", "version": "7.6.*"}, {"changes": [{"at": "5.0.12", "status": "unaffected"}], "lessThan": "5.0.12", "status": "affected", "version": "5.0", "versionType": "custom"}, {"changes": [{"at": "6.1.9", "status": "unaffected"}], "lessThan": "6.1.9", "status": "affected", "version": "6.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."}], "datePublic": "2022-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-12T17:30:20", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2022-0015"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-13405", "CPATR-9287"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-01-12T00:00:00", "value": "Initial publication"}], "title": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-01-12T17:00:00.000Z", "ID": "CVE-2022-0015", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"version_affected": "<", "version_name": "5.0", "version_value": "5.0.12"}, {"version_affected": "<", "version_name": "6.1", "version_value": "6.1.9"}, {"version_affected": "!", "version_name": "7.2", "version_value": "7.2.*"}, {"version_affected": "!>=", "version_name": "5.0", "version_value": "5.0.12"}, {"version_affected": "!>=", "version_name": "6.1", "version_value": "6.1.9"}, {"version_affected": "!", "version_name": "7.3", "version_value": "7.3.*"}, {"version_affected": "!", "version_name": "7.4", "version_value": "7.4.*"}, {"version_affected": "!", "version_name": "7.5", "version_value": "7.5.*"}, {"version_affected": "!", "version_name": "7.6", "version_value": "7.6.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427 Uncontrolled Search Path Element"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2022-0015", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0015"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-13405", "CPATR-9287"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-01-12T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 6.1", "Cortex XDR Agent 5.0"]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0015", "datePublished": "2022-01-12T00:00:00", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2022-01-12T17:30:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACA2B1DA-165F-44A9-B173-F39842438E69", "versionEndExcluding": "5.0.12", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD9113FA-3169-4D5C-84F6-A3AC4A510347", "versionEndExcluding": "6.1.9", "versionStartIncluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el agente Cortex XDR de Palo Alto Networks que permite a un usuario local autenticado ejecutar programas con privilegios elevados. Este problema afecta a: El agente Cortex XDR versiones 5.0 anteriores al agente Cortex XDR 5.0.12; el agente Cortex XDR versiones 6.1 anteriores al agente Cortex XDR 6.1.9"}], "id": "CVE-2022-0015", "lastModified": "2022-01-19T19:22:43.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-01-12T18:15:08.197", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0015"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}