CVE-2022-0015 is a vulnerability in Palo Alto Networks Cortex Xdr Agent
Published on January 12, 2022
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.
Vulnerability Analysis
CVE-2022-0015 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Initial publication
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2022-0015 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2022-0015
Want to know whenever a new CVE is published for Palo Alto Networks Cortex Xdr Agent? stack.watch will email you.
Affected Versions
Palo Alto Networks Cortex XDR Agent:- Version 7.2.* is unaffected.
- Version 7.3.* is unaffected.
- Version 7.4.* is unaffected.
- Version 7.5.* is unaffected.
- Version 7.6.* is unaffected.
- Version 5.0 and below 5.0.12 is affected.
- Version 6.1 and below 6.1.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.