CVE-2022-0020

Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface

Severity Score: 5.4 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions

A stored cross-site scripting (XSS) vulnerability in the Palo Alto Networks Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent JavaScript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: all builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.

Palo Alto Cortex XSOAR version 6.5.0 suffers from a persistent cross-site scripting vulnerability.

*Credits: Palo Alto Networks thanks Ömür Uğur of Türk Telekom for discovering and reporting this issue.
CVSS Scores
  • CVSS v3.1 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N): Attack Vector: Network; Attack Complexity: Low; Privileges Required: Low; User Interaction: Required; Scope: Changed; Confidentiality: Low; Integrity: Low; Availability: None
  • CVSS v3 (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H): Attack Vector: Network; Attack Complexity: Low; Privileges Required: High; User Interaction: Required; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • CVSS v2 (AV:N/AC:M/Au:S/C:N/I:P/A:N): Attack Vector: Network; Attack Complexity: Medium; Authentication: Single; Confidentiality: None; Integrity: Partial; Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-12-28 CVE Reserved
  • 2022-02-10 CVE Published
  • 2023-04-08 First Exploit
  • 2023-09-03 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor            Product       Version  Other (build)  Status
Paloaltonetworks  Cortex Xsoar  6.1.0    -              Affected
Paloaltonetworks  Cortex Xsoar  6.1.0    1016923        Affected
Paloaltonetworks  Cortex Xsoar  6.1.0    1031903        Affected
Paloaltonetworks  Cortex Xsoar  6.1.0    1077664        Affected
Paloaltonetworks  Cortex Xsoar  6.1.0    1209934        Affected
Paloaltonetworks  Cortex Xsoar  6.1.0    1271079        Affected
Paloaltonetworks  Cortex Xsoar  6.1.0    848144         Affected
Paloaltonetworks  Cortex Xsoar  6.2.0    -              Affected
Paloaltonetworks  Cortex Xsoar  6.2.0    1271082        Affected
Paloaltonetworks  Cortex Xsoar  6.2.0    1321594        Affected
Paloaltonetworks  Cortex Xsoar  6.2.0    1473927        Affected
Paloaltonetworks  Cortex Xsoar  6.2.0    1578666        Affected
Paloaltonetworks  Cortex Xsoar  6.2.0    1822745        Affected