CVE-2022-0013 - OpenCVE

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Paloaltonetworks	Cortex Xdr Agent

Configuration 1 [-]

AND

OR	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2022-0013

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-01-12T17:30:17.158913Z

Updated: 2024-09-16T17:58:02.852Z

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0013

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-12T18:15:08.077

Modified: 2022-01-19T19:20:12.023

Link: CVE-2022-0013

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "7.4.*"}, {"status": "unaffected", "version": "7.5.*"}, {"changes": [{"at": "7.2.4", "status": "unaffected"}], "lessThan": "7.2.4", "status": "affected", "version": "7.2", "versionType": "custom"}, {"changes": [{"at": "5.0.12", "status": "unaffected"}], "lessThan": "5.0.12", "status": "affected", "version": "5.0", "versionType": "custom"}, {"changes": [{"at": "6.1.9", "status": "unaffected"}], "lessThan": "6.1.9", "status": "affected", "version": "6.1", "versionType": "custom"}, {"changes": [{"at": "7.3.2", "status": "unaffected"}], "lessThan": "7.3.2", "status": "affected", "version": "7.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."}], "datePublic": "2022-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-538", "description": "CWE-538 File and Directory Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-12T17:30:17", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2022-0013"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-13480"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-01-12T00:00:00", "value": "Initial publication"}], "title": "Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-01-12T17:00:00.000Z", "ID": "CVE-2022-0013", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"version_affected": "<", "version_name": "7.2", "version_value": "7.2.4"}, {"version_affected": "<", "version_name": "5.0", "version_value": "5.0.12"}, {"version_affected": "<", "version_name": "6.1", "version_value": "6.1.9"}, {"version_affected": "<", "version_name": "7.3", "version_value": "7.3.2"}, {"version_affected": "!>=", "version_name": "7.2", "version_value": "7.2.4"}, {"version_affected": "!>=", "version_name": "5.0", "version_value": "5.0.12"}, {"version_affected": "!>=", "version_name": "6.1", "version_value": "6.1.9"}, {"version_affected": "!", "version_name": "7.4", "version_value": "7.4.*"}, {"version_affected": "!>=", "version_name": "7.3", "version_value": "7.3.2"}, {"version_affected": "!", "version_name": "7.5", "version_value": "7.5.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-538 File and Directory Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2022-0013", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0013"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-13480"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-01-12T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 7.3", "Cortex XDR Agent 7.2", "Cortex XDR Agent 6.1", "Cortex XDR Agent 5.0"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.263Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2022-0013"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0013", "datePublished": "2022-01-12T17:30:17.158913Z", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2024-09-16T17:58:02.852Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACA2B1DA-165F-44A9-B173-F39842438E69", "versionEndExcluding": "5.0.12", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD9113FA-3169-4D5C-84F6-A3AC4A510347", "versionEndExcluding": "6.1.9", "versionStartIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0E24F90-79DD-47F5-BC32-35E32E260BDD", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "239EDF44-FCDF-45AC-AE50-D57E6FD7539B", "versionEndExcluding": "7.3.2", "versionStartIncluding": "7.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n de archivos en el agente Cortex XDR de Palo Alto Networks que permite a un atacante local leer el contenido de archivos arbitrarios en el sistema con altos privilegios cuando es generado un archivo de soporte. Este problema afecta: Agente Cortex XDR versiones 5.0 anteriores al agente Cortex XDR 5.0.12; Agente Cortex XDR versiones 6.1 anteriores al agente Cortex XDR 6.1.9; Agente Cortex XDR versiones 7.2 anteriores al agente Cortex XDR 7.2.4; Agente Cortex XDR versiones 7.3 anteriores al agente Cortex XDR 7.3.2"}], "id": "CVE-2022-0013", "lastModified": "2022-01-19T19:20:12.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-01-12T18:15:08.077", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0013"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-538"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}