CVE-2022-0031 - OpenCVE

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Paloaltonetworks	Cortex Xsoar

Configuration 1 [-]

AND

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2102531::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2410815::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2583817::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002::::::

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2022-0031

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-11-09T17:24:34.557Z

Updated: 2024-08-02T23:18:41.569Z

Reserved: 2021-12-28T23:54:27.328Z

Link: CVE-2022-0031

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-09T18:15:12.263

Modified: 2022-11-10T15:57:42.100

Link: CVE-2022-0031

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0031", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "requesterUserId": "4bdfcd35-6352-4419-9b3e-118da80d0642", "dateReserved": "2021-12-28T23:54:27.328Z", "datePublished": "2022-11-09T17:24:34.557Z", "dateUpdated": "2024-08-02T23:18:41.569Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Cortex XSOAR engine"], "platforms": ["Linux"], "product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "6.9.0.130766", "status": "unaffected"}], "lessThan": "6.9.0.130766", "status": "affected", "version": "6.9.0.0", "versionType": "custom"}, {"status": "affected", "version": "6.8.0.0"}, {"status": "affected", "version": "6.6.0.0"}, {"status": "affected", "version": "6.5.0.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Palo Alto Networks thanks Olivier Caillault for discovering and reporting this issue."}], "datePublic": "2022-11-09T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}], "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2022-11-09T17:24:34.557Z"}, "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0031"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.</span><br>"}], "value": "This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.\n"}], "source": {"defect": ["CRTX-57476"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-11-09T17:00:00.000Z", "value": "Initial publication"}], "title": "Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p>"}], "value": "There are no known workarounds for this issue.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.569Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0031", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2102531:*:*:*:*:*:*", "matchCriteriaId": "C315DCB0-0C0D-4A01-861C-C4C116131E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2410815:*:*:*:*:*:*", "matchCriteriaId": "19C3EC22-FDB7-4FBB-A7E8-78154EB04B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2583817:*:*:*:*:*:*", "matchCriteriaId": "93FB151B-5FCA-462D-84EA-5BEE8ABF3482", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049:*:*:*:*:*:*", "matchCriteriaId": "C8EB5D56-A088-4C98-A840-C434BDB4BDF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656:*:*:*:*:*:*", "matchCriteriaId": "38AE91D5-806F-47AD-84C6-96EA1E147691", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220:*:*:*:*:*:*", "matchCriteriaId": "976AE69C-D4D6-4B5A-90F4-6627E9A10A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193:*:*:*:*:*:*", "matchCriteriaId": "F61D6A0A-D99D-47BD-AFC5-6CEDF578A77E", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002:*:*:*:*:*:*", "matchCriteriaId": "62A10DA6-5BDC-49EC-B485-404E9EB6CF89", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}, {"lang": "es", "value": "Una vulnerabilidad de Escalada de Privilegios (PE) locales en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un Sistema Operativo Linux permite a un atacante local con acceso de shell al motor, ejecutar programas con privilegios elevados."}], "id": "CVE-2022-0031", "lastModified": "2022-11-10T15:57:42.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-11-09T18:15:12.263", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0031"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}