{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"lessThan": "7.7.3", "status": "affected", "version": "7.7", "versionType": "custom"}, {"lessThan": "7.5.101-CE", "status": "affected", "version": "7.5 CE", "versionType": "custom"}, {"lessThan": "5.0.12-hotfix update", "status": "affected", "version": "5.0", "versionType": "custom"}]}, {"product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "7.8 all"}, {"lessThan": "7.7*", "status": "unaffected", "version": "7.7.3", "versionType": "custom"}, {"lessThan": "7.5 CE*", "status": "unaffected", "version": "7.5.101-CE", "versionType": "custom"}, {"lessThan": "5.0*", "status": "unaffected", "version": "5.0.12-hotfix update", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."}], "datePublic": "2022-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-14T16:35:08", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2022-0029"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."}], "source": {"defect": ["CPATR-16806"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-09-14T00:00:00", "value": "Initial publication"}], "title": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-09-14T16:00:00.000Z", "ID": "CVE-2022-0029", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "7.7", "version_value": "7.7.3"}, {"version_affected": "!>=", "version_name": "7.7", "version_value": "7.7.3"}, {"platform": "Windows", "version_affected": "<", "version_name": "7.5 CE", "version_value": "7.5.101-CE"}, {"version_affected": "!>=", "version_name": "7.5 CE", "version_value": "7.5.101-CE"}, {"platform": "Windows", "version_affected": "<", "version_name": "5.0", "version_value": "5.0.12-hotfix update"}, {"version_affected": "!", "version_name": "7.8", "version_value": "all"}, {"version_affected": "!>=", "version_name": "5.0", "version_value": "5.0.12-hotfix update"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2022-0029", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0029"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."}], "source": {"defect": ["CPATR-16806"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-09-14T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 7.7", "Cortex XDR Agent 7.5 CE", "Cortex XDR Agent 5.0", "Cortex XDR Agent"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.370Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2022-0029"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0029", "datePublished": "2022-09-14T16:35:08.910462Z", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2024-09-17T02:41:54.889Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACA2B1DA-165F-44A9-B173-F39842438E69", "versionEndExcluding": "5.0.12", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*", "matchCriteriaId": "EC5B0E84-B9A5-4FE3-B2E5-A64AEF57BCF3", "versionEndExcluding": "7.5.101", "versionStartIncluding": "7.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CD5FFFD-BCE2-43FB-806D-D839719671F3", "versionEndExcluding": "7.7.3", "versionStartIncluding": "7.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."}, {"lang": "es", "value": "Una vulnerabilidad de resoluci\u00f3n de enlaces inapropiada en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un atacante local leer archivos en el sistema con altos privilegios cuando es generado un archivo de soporte t\u00e9cnico"}], "id": "CVE-2022-0029", "lastModified": "2024-11-21T06:37:51.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-14T17:15:10.110", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0029"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}