CVE-2022-0031 - Vulnerability Details - OpenCVE

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Paloaltonetworks	Cortex Xsoar

Configuration 1 [-]

AND

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2102531::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2410815::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2583817::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.

Workaround

There are no known workarounds for this issue.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2022-0031

History

Thu, 01 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-11-09T17:24:34.557Z

Updated: 2025-05-01T19:10:17.973Z

Reserved: 2021-12-28T23:54:27.328Z

Link: CVE-2022-0031

Vulnrichment

Updated: 2024-08-02T23:18:41.569Z

NVD

Status : Modified

Published: 2022-11-09T18:15:12.263

Modified: 2024-11-21T06:37:51.570

Link: CVE-2022-0031

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0031", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "requesterUserId": "4bdfcd35-6352-4419-9b3e-118da80d0642", "dateReserved": "2021-12-28T23:54:27.328Z", "datePublished": "2022-11-09T17:24:34.557Z", "dateUpdated": "2025-05-01T19:10:17.973Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Cortex XSOAR engine"], "platforms": ["Linux"], "product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "6.9.0.130766", "status": "unaffected"}], "lessThan": "6.9.0.130766", "status": "affected", "version": "6.9.0.0", "versionType": "custom"}, {"status": "affected", "version": "6.8.0.0"}, {"status": "affected", "version": "6.6.0.0"}, {"status": "affected", "version": "6.5.0.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Palo Alto Networks thanks Olivier Caillault for discovering and reporting this issue."}], "datePublic": "2022-11-09T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}], "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2022-11-09T17:24:34.557Z"}, "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0031"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.</span><br>"}], "value": "This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.\n"}], "source": {"defect": ["CRTX-57476"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-11-09T17:00:00.000Z", "value": "Initial publication"}], "title": "Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p>"}], "value": "There are no known workarounds for this issue.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.569Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0031", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-01T19:10:04.345708Z", "id": "CVE-2022-0031", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T19:10:17.973Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0031", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.569Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-0031", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-01T19:10:04.345708Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T19:10:12.995Z"}}], "cna": {"title": "Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine", "source": {"defect": ["CRTX-57476"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Palo Alto Networks thanks Olivier Caillault for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "modules": ["Cortex XSOAR engine"], "product": "Cortex XSOAR", "versions": [{"status": "affected", "changes": [{"at": "6.9.0.130766", "status": "unaffected"}], "version": "6.9.0.0", "lessThan": "6.9.0.130766", "versionType": "custom"}, {"status": "affected", "version": "6.8.0.0"}, {"status": "affected", "version": "6.6.0.0"}, {"status": "affected", "version": "6.5.0.0"}], "platforms": ["Linux"], "defaultStatus": "affected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2022-11-09T17:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.</span><br>", "base64": false}]}], "datePublic": "2022-11-09T17:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0031"}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>There are no known workarounds for this issue.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.", "supportingMedia": [{"type": "text/html", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2022-11-09T17:24:34.557Z"}}}, "cveMetadata": {"cveId": "CVE-2022-0031", "state": "PUBLISHED", "dateUpdated": "2025-05-01T19:10:17.973Z", "dateReserved": "2021-12-28T23:54:27.328Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2022-11-09T17:24:34.557Z", "requesterUserId": "4bdfcd35-6352-4419-9b3e-118da80d0642", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2102531:*:*:*:*:*:*", "matchCriteriaId": "C315DCB0-0C0D-4A01-861C-C4C116131E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2410815:*:*:*:*:*:*", "matchCriteriaId": "19C3EC22-FDB7-4FBB-A7E8-78154EB04B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:2583817:*:*:*:*:*:*", "matchCriteriaId": "93FB151B-5FCA-462D-84EA-5BEE8ABF3482", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049:*:*:*:*:*:*", "matchCriteriaId": "C8EB5D56-A088-4C98-A840-C434BDB4BDF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656:*:*:*:*:*:*", "matchCriteriaId": "38AE91D5-806F-47AD-84C6-96EA1E147691", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220:*:*:*:*:*:*", "matchCriteriaId": "976AE69C-D4D6-4B5A-90F4-6627E9A10A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193:*:*:*:*:*:*", "matchCriteriaId": "F61D6A0A-D99D-47BD-AFC5-6CEDF578A77E", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002:*:*:*:*:*:*", "matchCriteriaId": "62A10DA6-5BDC-49EC-B485-404E9EB6CF89", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."}, {"lang": "es", "value": "Una vulnerabilidad de Escalada de Privilegios (PE) locales en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un Sistema Operativo Linux permite a un atacante local con acceso de shell al motor, ejecutar programas con privilegios elevados."}], "id": "CVE-2022-0031", "lastModified": "2024-11-21T06:37:51.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-09T18:15:12.263", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0031"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}