Page 6 of 237 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-0027 – Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports

https://notcve.org/view.php?id=CVE-2022-0027

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049. Una vulnerabilidad de autorización inapropiada en el software Cortex XSOAR de Palo Alto Network permite a usuarios autenticados en grupos de sólo lectura generar un informe de correo electrónico que contiene información resumida sobre todos los incidentes en la instancia de Cortex XSOAR, incluidos los incidentes a los que el usuario no presenta acceso. Este problema afecta: Todas las versiones de Cortex XSOAR 6.1; Todas las versiones de Cortex XSOAR 6.2; Todas las versiones de Cortex XSOAR 6.5; Versiones de Cortex XSOAR 6.6 anteriores a Cortex XSOAR 6.6.0 build 6.6.0.2585049 • https://security.paloaltonetworks.com/CVE-2022-0027 • CWE-285: Improper Authorization •

CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 0

CVE-2022-0026 – Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability

https://notcve.org/view.php?id=CVE-2022-0026

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version. Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el software Cortex XDR agent de Palo Alto Networks en Windows que permite a un usuario local autenticado con privilegios de creación de archivos en el directorio root de Windows (como C:\) ejecutar un programa con altos privilegios. Este problema afecta a todas las versiones de Cortex XDR agent sin la actualización de contenido 330 o una versión posterior de actualización de contenido • https://security.paloaltonetworks.com/CVE-2022-0026 • CWE-282: Improper Ownership Management •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-0025 – Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability

https://notcve.org/view.php?id=CVE-2022-0025

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent. Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el software Cortex XDR agent de Palo Alto Networks en Windows que permite a un usuario local autenticado con privilegios de creación de archivos en el directorio root de Windows (como C:\) ejecutar un programa con altos privilegios. Este problema afecta a: Todas las versiones de Cortex XDR agent cuando es actualizado al agente Cortex XDR 7.7.0 en Windows; Cortex XDR agent versión XDR 7.7.0 sin la actualización de contenido 500 o una versión posterior en Windows. • https://security.paloaltonetworks.com/CVE-2022-0025 • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-0024 – PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit

https://notcve.org/view.php?id=CVE-2022-0024

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. Se presenta una vulnerabilidad en el software PAN-OS de Palo Alto Networks que permite a un administrador autenticado de PAN-OS basado en la red cargar una configuración creada específicamente que interrumpe los procesos del sistema y potencialmente ejecuta código arbitrario con privilegios de root cuando la configuración es comprometida tanto en los firewalls de hardware como en los virtuales. Este problema no afecta a los dispositivos de Panorama ni a clientes de Prisma Access. • https://security.paloaltonetworks.com/CVE-2022-0024 • CWE-138: Improper Neutralization of Special Elements •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-0023 – PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy

https://notcve.org/view.php?id=CVE-2022-0023

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in denial-of-service to all PAN-OS services by restarting the device in maintenance mode. This issue does not impact Panorama appliances and Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.22; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5. This issue does not impact PAN-OS 10.2. • https://security.paloaltonetworks.com/CVE-2022-0023 • CWE-755: Improper Handling of Exceptional Conditions •