What is CVE-2022-0025?

CVE-2022-0025 is a local privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent software on Windows.

Who is affected by CVE-2022-0025?

Users of Palo Alto Networks Cortex XDR agent software on Windows versions 7.7.0 to 7.7.1.62043 are affected by CVE-2022-0025.

What is the severity of CVE-2022-0025?

CVE-2022-0025 has a severity rating of 6.7 (high).

How can I fix CVE-2022-0025?

To fix CVE-2022-0025, users should update Palo Alto Networks Cortex XDR agent software to a version higher than 7.7.1.62043.

Vulnerability/
CVE-2022-0025

high

7.2

CWE

427

11/5/2022

17/9/2024

CVE-2022-0025: Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability

Q: How does CVE-2022-0025 work?

CVE-2022-0025 allows an authenticated local user with file creation privilege in the Windows root directory to execute a program with elevated privileges.

First published: Wed May 11 2022(Updated: )

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.

Credit: psirt@paloaltonetworks.com

Affected Software	Affected Version	How to fix
Paloaltonetworks Cortex Xdr Agent	>=7.7.0<7.7.1.62043
Microsoft Windows

Remedy

This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions. Ensure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process.

Never miss a vulnerability like this again

Reference Links

https://security.paloaltonetworks.com/CVE-2022-0025

Frequently Asked Questions

What is CVE-2022-0025?
CVE-2022-0025 is a local privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent software on Windows.
Who is affected by CVE-2022-0025?
Users of Palo Alto Networks Cortex XDR agent software on Windows versions 7.7.0 to 7.7.1.62043 are affected by CVE-2022-0025.
What is the severity of CVE-2022-0025?
CVE-2022-0025 has a severity rating of 6.7 (high).
How does CVE-2022-0025 work?
CVE-2022-0025 allows an authenticated local user with file creation privilege in the Windows root directory to execute a program with elevated privileges.
How can I fix CVE-2022-0025?
To fix CVE-2022-0025, users should update Palo Alto Networks Cortex XDR agent software to a version higher than 7.7.1.62043.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/title
agent/last-modified-date
agent/weakness
agent/remedy
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/paloaltonetworks
canonical/paloaltonetworks cortex xdr agent
version/paloaltonetworks cortex xdr agent/7.7.0
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.