CVE-2022-0031 - OpenCVE

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Paloaltonetworks	Cortex Xsoar

Configuration 1 [-]

AND

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2102531::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2410815::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2583817::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2022-0031	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-11-09T17:24:34.557Z

Updated:

Reserved: 2021-12-28T23:54:27.328Z

Link: CVE-2022-0031

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-09T18:15:12.263

Modified: 2022-11-10T15:57:42.100

Link: CVE-2022-0031

JSON object: View

Redhat Information

No data.

CWE

CWE-345

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-0031", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "requesterUserId": "4bdfcd35-6352-4419-9b3e-118da80d0642", "dateReserved": "2021-12-28T23:54:27.328Z", "datePublished": "2022-11-09T17:24:34.557Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Cortex XSOAR engine"], "platforms": ["Linux"], "product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "6.9.0.130766", "status": "unaffected"}], "lessThan": "6.9.0.130766", "status": "affected", "version": "6.9.0.0", "versionType": "custom"}, {"status": "affected", "version": "6.8.0.0"}, {"status": "affected", "version": "6.6.0.0"}, {"status": "affected", "version": "6.5.0.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Palo Alto Networks thanks Olivier Caillault for discovering and reporting this issue."}], "datePublic": "2022-11-09T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}], "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2022-11-09T17:24:34.557Z"}, "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0031"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.</span><br>"}], "value": "This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.\n"}], "source": {"defect": ["CRTX-57476"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-11-09T17:00:00.000Z", "value": "Initial publication"}], "title": "Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p>"}], "value": "There are no known workarounds for this issue.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2102531:*:*:*:*:*:*", "matchCriteriaId": "C315DCB0-0C0D-4A01-861C-C4C116131E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2410815:*:*:*:*:*:*", "matchCriteriaId": "19C3EC22-FDB7-4FBB-A7E8-78154EB04B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2583817:*:*:*:*:*:*", "matchCriteriaId": "93FB151B-5FCA-462D-84EA-5BEE8ABF3482", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049:*:*:*:*:*:*", "matchCriteriaId": "C8EB5D56-A088-4C98-A840-C434BDB4BDF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656:*:*:*:*:*:*", "matchCriteriaId": "38AE91D5-806F-47AD-84C6-96EA1E147691", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220:*:*:*:*:*:*", "matchCriteriaId": "976AE69C-D4D6-4B5A-90F4-6627E9A10A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193:*:*:*:*:*:*", "matchCriteriaId": "F61D6A0A-D99D-47BD-AFC5-6CEDF578A77E", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002:*:*:*:*:*:*", "matchCriteriaId": "62A10DA6-5BDC-49EC-B485-404E9EB6CF89", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}, {"lang": "es", "value": "Una vulnerabilidad de Escalada de Privilegios (PE) locales en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un Sistema Operativo Linux permite a un atacante local con acceso de shell al motor, ejecutar programas con privilegios elevados."}], "id": "CVE-2022-0031", "lastModified": "2022-11-10T15:57:42.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-11-09T18:15:12.263", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0031"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}