CVE-2022-0014

Summary

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XDR Agent7.4.*unaffected
Palo Alto NetworksCortex XDR Agent7.5.*unaffected
Palo Alto NetworksCortex XDR Agent7.6.*unaffected
Palo Alto NetworksCortex XDR Agent7.2 < 7.2.4affected
Palo Alto NetworksCortex XDR Agent7.3 < 7.3.2affected
Palo Alto NetworksCortex XDR Agent5.0 < 5.0.12affected
Palo Alto NetworksCortex XDR Agent6.1 < 6.1.9affected

Weaknesses

  • CWE-426: CWE-426 Untrusted Search Path

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References