Multiple vulnerabilities in Cortex XDR Agent for Windows
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-0015 CVE-2022-0014 CVE-2022-0013 CVE-2022-0012 |
| CWE-ID | CWE-427 CWE-426 CWE-538 CWE-59 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cortex XDR Agent for Windows Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Palo Alto Networks, Inc. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Insecure DLL loading
EUVDB-ID: #VU59546
Risk: Medium
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0015
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privilege son the system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a malicious DLL file on the system and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsCortex XDR Agent for Windows: 5.0.0 - 6.1.8
External linkshttp://security.paloaltonetworks.com/CVE-2022-0015
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Untrusted search path
EUVDB-ID: #VU59545
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0014
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to elevate privileges on the system.
The vulnerability exist due to application loads libraries in an insecure manner. A local user with file creation privilege in the Windows root directory (such as C:\\) can place a malicious program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCortex XDR Agent for Windows: 5.0.0 - 7.3.1
External linkshttp://security.paloaltonetworks.com/CVE-2022-0014
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) File and Directory Information Exposure
EUVDB-ID: #VU59544
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0013
CWE-ID:
CWE-538 - File And Directory Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due information disclosure issue when generating a support files. A local user can read arbitrary file on the system with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsCortex XDR Agent for Windows: 5.0.0 - 7.3.1
External linkshttp://security.paloaltonetworks.com/CVE-2022-0013
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Link following
EUVDB-ID: #VU59543
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0012
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to insecure link following. A local user can create a symbolic link to critical files on the system and delete them.
Install updates from vendor's website.
Vulnerable software versionsCortex XDR Agent for Windows: 5.0.0 - 7.3.1
External linkshttp://security.paloaltonetworks.com/CVE-2022-0012
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
