Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8/7.2.3/7.3.1 on Windows Support File file information disclosure

A vulnerability classified as problematic has been found in Palo Alto Cortex XDR Agent up to 5.0.11/6.1.8/7.2.3/7.3.1 on Windows. Affected is some unknown functionality of the component Support File Handler. Upgrading to version 5.0.12, 6.1.9, 7.2.4 or 7.3.2 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

132
019

Field

source_cve_nvd_summary1
exploit_price_0day1
vulnerability_cvss3_meta_tempscore1
vulnerability_cvss3_meta_basescore1
vulnerability_cvss3_vuldb_tempscore1

Commit Conf

90%40
50%10
70%1

Approve Conf

90%40
80%10
70%1
IDCommitedUserFieldChangeRemarksAcceptedReasonC
1205016401/15/2022VulD...cve_nvd_summaryA file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.cve.mitre.org01/15/2022accepted
70
1203754801/12/2022VulD...price_0day$0-$5ksee exploit price documentation01/12/2022accepted
90
1203754701/12/2022VulD...cvss3_meta_tempscore4.2see CVSS documentation01/12/2022accepted
90
1203754601/12/2022VulD...cvss3_meta_basescore4.2see CVSS documentation01/12/2022accepted
90
1203754501/12/2022VulD...cvss3_vuldb_tempscore3.4see CVSS documentation01/12/2022accepted
90
1203754401/12/2022VulD...cvss3_vuldb_basescore3.5see CVSS documentation01/12/2022accepted
90
1203754301/12/2022VulD...cvss2_vuldb_tempscore3.5see CVSS documentation01/12/2022accepted
90
1203754201/12/2022VulD...cvss2_vuldb_basescore4.0see CVSS documentation01/12/2022accepted
90
1203754101/12/2022VulD...cvss3_cna_basescore5.0see CVSS documentation01/12/2022accepted
90
1203754001/12/2022VulD...cvss3_vuldb_eXderived from historical data01/12/2022accepted
80
1203753901/12/2022VulD...cvss2_vuldb_eNDderived from historical data01/12/2022accepted
80
1203753801/12/2022VulD...cvss2_vuldb_auSderived from historical data01/12/2022accepted
80
1203753701/12/2022VulD...cvss2_vuldb_rlOFderived from vuldb v3 vector01/12/2022accepted
80
1203753601/12/2022VulD...cvss2_vuldb_rcCderived from vuldb v3 vector01/12/2022accepted
80
1203753501/12/2022VulD...cvss2_vuldb_aiNderived from vuldb v3 vector01/12/2022accepted
80
1203753401/12/2022VulD...cvss2_vuldb_iiNderived from vuldb v3 vector01/12/2022accepted
80
1203753301/12/2022VulD...cvss2_vuldb_ciPderived from vuldb v3 vector01/12/2022accepted
80
1203753201/12/2022VulD...cvss2_vuldb_acLderived from vuldb v3 vector01/12/2022accepted
80
1203753101/12/2022VulD...cvss2_vuldb_avNderived from vuldb v3 vector01/12/2022accepted
80
1203753001/12/2022VulD...date1641942000 (01/12/2022)01/12/2022accepted
90

31 more entries are not shown

Interested in the pricing of exploits?

See the underground prices here!