CVE-2023-3282

Summary

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSOAR6.10 < 6.10.0.250144affected
Palo Alto NetworksCortex XSOAR6.11unaffected
Palo Alto NetworksCortex XSOAR6.12unaffected
Palo Alto NetworksCortex XSOAR8unaffected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References