Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8/7.2.3/7.3.1 on Windows link following

A vulnerability was found in Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8/7.2.3/7.3.1 on Windows. It has been rated as critical. This issue affects an unknown functionality. Upgrading to version 5.0.12, 6.1.9, 7.2.4 or 7.3.2 eliminates this vulnerability.

Field01/12/2022 08:48 PM01/15/2022 10:27 AM
vendorPalo AltoPalo Alto
nameCortex XDR AgentCortex XDR Agent
version<=5.0.11/6.1.8/7.2.3/7.3.1<=5.0.11/6.1.8/7.2.3/7.3.1
platformWindowsWindows
cwe59 (privilege escalation)59 (privilege escalation)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avLL
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iLL
cvss3_cna_aHH
urlhttps://security.paloaltonetworks.com/CVE-2022-0012https://security.paloaltonetworks.com/CVE-2022-0012
nameUpgradeUpgrade
upgrade_version5.0.12/6.1.9/7.2.4/7.3.25.0.12/6.1.9/7.2.4/7.3.2
cveCVE-2022-0012CVE-2022-0012
cve_assigned16406460001640646000
cve_cnaPalo Alto Networks, Inc.Palo Alto Networks, Inc.
date1641942000 (01/12/2022)1641942000 (01/12/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore6.16.1
cvss2_vuldb_basescore5.55.5
cvss2_vuldb_tempscore4.84.8
cvss3_vuldb_basescore5.45.4
cvss3_vuldb_tempscore5.25.2
cvss3_meta_basescore5.75.7
cvss3_meta_tempscore5.65.6
price_0day$0-$5k$0-$5k
cve_nvd_summaryAn improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Interested in the pricing of exploits?

See the underground prices here!