Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8/7.2.3/7.3.1 on Windows Support File file information disclosure

A vulnerability classified as problematic has been found in Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8/7.2.3/7.3.1 on Windows. Affected is some unknown functionality of the component Support File Handler. Upgrading to version 5.0.12, 6.1.9, 7.2.4 or 7.3.2 eliminates this vulnerability.

Field01/12/2022 08:49 PM01/15/2022 10:33 AM
vendorPalo AltoPalo Alto
nameCortex XDR AgentCortex XDR Agent
version<=5.0.11/6.1.8/7.2.3/7.3.1<=5.0.11/6.1.8/7.2.3/7.3.1
platformWindowsWindows
componentSupport File HandlerSupport File Handler
cwe538 (information disclosure)538 (information disclosure)
risk11
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avLL
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iNN
cvss3_cna_aNN
urlhttps://security.paloaltonetworks.com/CVE-2022-0013https://security.paloaltonetworks.com/CVE-2022-0013
nameUpgradeUpgrade
upgrade_version5.0.12/6.1.9/7.2.4/7.3.25.0.12/6.1.9/7.2.4/7.3.2
cveCVE-2022-0013CVE-2022-0013
cve_assigned16406460001640646000
cve_cnaPalo Alto Networks, Inc.Palo Alto Networks, Inc.
date1641942000 (01/12/2022)1641942000 (01/12/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore5.05.0
cvss2_vuldb_basescore4.04.0
cvss2_vuldb_tempscore3.53.5
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.43.4
cvss3_meta_basescore4.24.2
cvss3_meta_tempscore4.24.2
price_0day$0-$5k$0-$5k
cve_nvd_summaryA file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Want to stay up to date on a daily basis?

Enable the mail alert feature now!