=====================================================================
                            CERT-Renater

                 Note d'Information No. 2022/VULN329
_____________________________________________________________________

DATE                : 15/09/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Cortex XDR Agent versions prior
                      to 5.0.12-hotfix update, 7.5.101-CE, 7.7.3.

=====================================================================
https://security.paloaltonetworks.com/CVE-2022-0029
_____________________________________________________________________

CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability
When Generating a Tech Support File

Severity               5.5 · MEDIUM
Attack Vector          LOCAL
Scope                  UNCHANGED
Attack Complexity      LOW
Confidentiality Impact HIGH
Privileges Required    LOW
Integrity Impact       NONE
User Interaction       NONE
Availability Impact    NONE

Published  2022-09-14
Updated    2022-09-14
Reference  CPATR-16806
Discovered externally

Description

An improper link resolution vulnerability in the Palo Alto Networks
Cortex XDR agent on Windows devices allows a local attacker to read
files on the system with elevated privileges when generating a tech
support file.

Product Status

Versions                 Affected                           Unaffected
Cortex XDR Agent 7.5 CE  < 7.5.101-CE on Windows            >= 7.5.101-CE
Cortex XDR Agent 7.8     None                               all
Cortex XDR Agent 7.7     < 7.7.3 on Windows                 >= 7.7.3
Cortex XDR Agent 5.0     < 5.0.12-hotfix update on Windows  >= 5.0.12-hotfix update

Severity: MEDIUM

CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this
issue. However, details of this vulnerability are expected to become
publicly available.

Weakness Type

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Solution

This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex
XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions
of the Cortex XDR agent.

Acknowledgments

Palo Alto Networks thanks Diego García of INCIDE for discovering and
reporting this issue.

Timeline

2022-09-14 Initial publication

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================