OpenCVE

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Paloaltonetworks	Cortex Xdr Agent

Configuration 1 [-]

AND

OR	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2022-0014

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-01-12T17:30:18.718839Z

Updated: 2024-09-16T23:00:50.618Z

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0014

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-12T18:15:08.133

Modified: 2022-01-19T19:21:11.090

Link: CVE-2022-0014

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "7.4.*"}, {"status": "unaffected", "version": "7.5.*"}, {"status": "unaffected", "version": "7.6.*"}, {"changes": [{"at": "7.2.4", "status": "unaffected"}], "lessThan": "7.2.4", "status": "affected", "version": "7.2", "versionType": "custom"}, {"changes": [{"at": "7.3.2", "status": "unaffected"}], "lessThan": "7.3.2", "status": "affected", "version": "7.3", "versionType": "custom"}, {"changes": [{"at": "5.0.12", "status": "unaffected"}], "lessThan": "5.0.12", "status": "affected", "version": "5.0", "versionType": "custom"}, {"changes": [{"at": "6.1.9", "status": "unaffected"}], "lessThan": "6.1.9", "status": "affected", "version": "6.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."}], "datePublic": "2022-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-12T17:30:18", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2022-0014"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-12633"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-01-12T00:00:00", "value": "Initial publication"}], "title": "Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-01-12T17:00:00.000Z", "ID": "CVE-2022-0014", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"version_affected": "<", "version_name": "7.2", "version_value": "7.2.4"}, {"version_affected": "<", "version_name": "7.3", "version_value": "7.3.2"}, {"version_affected": "<", "version_name": "5.0", "version_value": "5.0.12"}, {"version_affected": "<", "version_name": "6.1", "version_value": "6.1.9"}, {"version_affected": "!>=", "version_name": "7.2", "version_value": "7.2.4"}, {"version_affected": "!>=", "version_name": "7.3", "version_value": "7.3.2"}, {"version_affected": "!>=", "version_name": "5.0", "version_value": "5.0.12"}, {"version_affected": "!>=", "version_name": "6.1", "version_value": "6.1.9"}, {"version_affected": "!", "version_name": "7.4", "version_value": "7.4.*"}, {"version_affected": "!", "version_name": "7.5", "version_value": "7.5.*"}, {"version_affected": "!", "version_name": "7.6", "version_value": "7.6.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-426 Untrusted Search Path"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2022-0014", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0014"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-12633"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-01-12T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 7.3", "Cortex XDR Agent 7.2", "Cortex XDR Agent 6.1", "Cortex XDR Agent 5.0"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.475Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2022-0014"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0014", "datePublished": "2022-01-12T17:30:18.718839Z", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2024-09-16T23:00:50.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACA2B1DA-165F-44A9-B173-F39842438E69", "versionEndExcluding": "5.0.12", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD9113FA-3169-4D5C-84F6-A3AC4A510347", "versionEndExcluding": "6.1.9", "versionStartIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0E24F90-79DD-47F5-BC32-35E32E260BDD", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "239EDF44-FCDF-45AC-AE50-D57E6FD7539B", "versionEndExcluding": "7.3.2", "versionStartIncluding": "7.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de ruta de b\u00fasqueda no confiable en el agente Cortex XDR de Palo Alto Networks que permite a un atacante local con privilegios de creaci\u00f3n de archivos en el directorio root de Windows (como C:\\) almacenar un programa que puede ser ejecutado involuntariamente por otro usuario local cuando \u00e9ste usa una sesi\u00f3n de Live Terminal. Este problema afecta: Agente Cortex XDR versiones 5.0 anteriores al agente Cortex XDR 5.0.12; Agente Cortex XDR versiones 6.1 anteriores al agente Cortex XDR 6.1.9; Agente Cortex XDR versiones 7.2 anteriores al agente Cortex XDR 7.2.4; Agente Cortex XDR versiones 7.3 anteriores al agente Cortex XDR 7.3.2"}], "id": "CVE-2022-0014", "lastModified": "2022-01-19T19:21:11.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-01-12T18:15:08.133", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0014"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-426"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}