CVE-2022-0031

Summary

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSOAR6.9.0.0 < 6.9.0.130766affected
Palo Alto NetworksCortex XSOAR6.8.0.0affected
Palo Alto NetworksCortex XSOAR6.6.0.0affected
Palo Alto NetworksCortex XSOAR6.5.0.0affected

Weaknesses

  • CWE-345: CWE-345 Insufficient Verification of Data Authenticity

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References