CVE-2022-0014
Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
Se presenta una vulnerabilidad de ruta de búsqueda no confiable en el agente Cortex XDR de Palo Alto Networks que permite a un atacante local con privilegios de creación de archivos en el directorio root de Windows (como C:\) almacenar un programa que puede ser ejecutado involuntariamente por otro usuario local cuando éste usa una sesión de Live Terminal. Este problema afecta: Agente Cortex XDR versiones 5.0 anteriores al agente Cortex XDR 5.0.12; Agente Cortex XDR versiones 6.1 anteriores al agente Cortex XDR 6.1.9; Agente Cortex XDR versiones 7.2 anteriores al agente Cortex XDR 7.2.4; Agente Cortex XDR versiones 7.3 anteriores al agente Cortex XDR 7.3.2
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-28 CVE Reserved
- 2022-01-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0014 | 2022-01-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Paloaltonetworks Search vendor "Paloaltonetworks" | Cortex Xdr Agent Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" | >= 5.0 < 5.0.12 Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" and version " >= 5.0 < 5.0.12" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Cortex Xdr Agent Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" | >= 6.1 < 6.1.9 Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" and version " >= 6.1 < 6.1.9" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Cortex Xdr Agent Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" | >= 7.2 < 7.2.4 Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" and version " >= 7.2 < 7.2.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Cortex Xdr Agent Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" | >= 7.3 < 7.3.2 Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" and version " >= 7.3 < 7.3.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|