
====================================================================
                                                        CERT-Renater

                      Information Note No. 2023/VULN065

_____________________________________________________________________

DATE                : 13/02/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cortex XSOAR versions prior to
    6.10.0.185964, 6.9.B185415, 6.8.B185719, 6.6.B186115.

====================================================================
https://security.paloaltonetworks.com/CVE-2023-0003
_____________________________________________________________________

CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the
Cortex XSOAR Server


Severity                6.5 MEDIUM
Attack Vector           NETWORK
Scope                   UNCHANGED
Attack Complexity       LOW
Confidentiality Impact  HIGH
Privileges Required     LOW
Integrity Impact        NONE
User Interaction        NONE
Availability Impact     NONE
Published               2023-02-08
Updated                 2023-02-08
Reference               CRTX-65775
Discovered              externally


Description

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR
server software enables an authenticated user with access to the web
interface to read local files from the server.


Product Status
Versions               Affected           Unaffected
Cortex XSOAR 8.1       None               all
Cortex XSOAR 6.10      < 6.10.0.185964    >= 6.10.0.185964
Cortex XSOAR 6.9       < 6.9.B185415      >= 6.9.B185415
Cortex XSOAR 6.8       < 6.8.B185719      >= 6.8.B185719
Cortex XSOAR 6.6       < 6.6.B186115      >= 6.6.B186115

Severity: MEDIUM

CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
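To turn the Product Status table above into a fleet check, here is a small helper added to this note (it is not part of the Palo Alto Networks or CERT-Renater material). It parses the two build formats the advisory uses ("6.10.0.185964" and "6.9.B185415") and compares against the fixed builds listed; the host inventory at the bottom is constructed sample data.

```python
from typing import Dict, Optional, Tuple

# Fixed builds per 6.x release line, taken from the advisory's Product Status table.
FIXED_BUILDS = {
    (6, 6): 186115,
    (6, 8): 185719,
    (6, 9): 185415,
    (6, 10): 185964,
}

# Release lines the advisory lists as unaffected in every build.
UNAFFECTED_LINES = {(8, 1)}


def parse_version(version: str) -> Tuple[int, int, Optional[int]]:
    """Return (major, minor, build) for the version formats used in the advisory.

    Recognised forms: "6.10.0.185964", "6.9.B185415" and a bare "8.1".
    Strings without a recognisable build number yield build=None.
    """
    parts = version.strip().split(".")
    if len(parts) < 2 or not (parts[0].isdigit() and parts[1].isdigit()):
        raise ValueError(f"unrecognised Cortex XSOAR version: {version!r}")
    major, minor = int(parts[0]), int(parts[1])
    build = None
    tail = parts[-1]
    # Build is the trailing "B<digits>" component, or the 4th component of a.b.c.<build>.
    if len(parts) >= 3 and (tail.startswith("B") or len(parts) == 4):
        digits = tail.lstrip("B")
        if digits.isdigit():
            build = int(digits)
    return major, minor, build


def is_affected(version: str) -> Optional[bool]:
    """True = below the fixed build (vulnerable), False = fixed or unaffected line,
    None = the advisory does not cover this line or no build number was given."""
    major, minor, build = parse_version(version)
    line = (major, minor)
    if line in UNAFFECTED_LINES:
        return False
    if line not in FIXED_BUILDS or build is None:
        return None  # do not guess for lines the table does not list
    return build < FIXED_BUILDS[line]


def triage(inventory: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map each host to its CVE-2023-0003 status; None entries need manual review."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative only).
    sample = {"xsoar-prod": "6.9.B185410", "xsoar-dev": "6.10.0.185964", "xsoar-new": "8.1"}
    for host, status in triage(sample).items():
        print(f"{host}: {'UPGRADE' if status else 'review' if status is None else 'ok'}")
```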


Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.


Weakness Type

CWE-73 External Control of File Name or Path


Solution

This issue is fixed in Cortex XSOAR 6.6 build B186115, Cortex XSOAR 6.8
build B185719, Cortex XSOAR 6.9 build B185415, Cortex XSOAR 6.10 build
185964, and all later builds of Cortex XSOAR.

NOTE: Cortex XSOAR 6.10.0 build 185964 is generally available for
customers to download. Customers using Cortex XSOAR hosted services, and
those wanting to upgrade to a non-generally available build, will need
to make a Customer Support request at
https://support.paloaltonetworks.com/ to upgrade.


Workarounds and Mitigations

There are no known workarounds for this issue.


Acknowledgments
Palo Alto Networks thanks Eric Turpin for discovering and reporting this
issue.


Timeline

2023-02-08
Initial publication

=======================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email: cert@support.renater.fr +
=======================================================