Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8 uncontrolled search path

A vulnerability classified as critical was found in Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8. Affected by this vulnerability is an unknown part. Upgrading to version 5.0.12 or 6.1.9 eliminates this vulnerability.

Field01/12/2022 08:50 PM01/15/2022 10:39 AM
vendorPalo AltoPalo Alto
nameCortex XDR AgentCortex XDR Agent
version<=5.0.11/6.1.8<=5.0.11/6.1.8
cwe427 (privilege escalation)427 (privilege escalation)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avLL
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iHH
cvss3_cna_aHH
urlhttps://security.paloaltonetworks.com/CVE-2022-0015https://security.paloaltonetworks.com/CVE-2022-0015
nameUpgradeUpgrade
upgrade_version5.0.12/6.1.95.0.12/6.1.9
cveCVE-2022-0015CVE-2022-0015
cve_assigned16406460001640646000
cve_cnaPalo Alto Networks, Inc.Palo Alto Networks, Inc.
date1641942000 (01/12/2022)1641942000 (01/12/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore7.87.8
cvss2_vuldb_basescore9.09.0
cvss2_vuldb_tempscore7.87.8
cvss3_vuldb_basescore8.88.8
cvss3_vuldb_tempscore8.48.4
cvss3_meta_basescore8.38.3
cvss3_meta_tempscore8.18.1
price_0day$0-$5k$0-$5k
cve_nvd_summaryA local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.

Might our Artificial Intelligence support you?

Check our Alexa App!