CVE-2022-0014

Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session

Description

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Remediation

Solution:

This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions.

Workaround:

There are no known workarounds for this issue.

References

Link	Tags
https://security.paloaltonetworks.com/CVE-2022-0014	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-0014?: CVE-2022-0014 has been scored as a medium severity vulnerability.
How to fix CVE-2022-0014?: To fix CVE-2022-0014: This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions.
Is CVE-2022-0014 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-0014 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-0014?: CVE-2022-0014 affects Palo Alto Networks Cortex XDR Agent.

Description

Remediation

Category

CWE-426 – Untrusted Search Path

References

Frequently Asked Questions