First published: Wed Sep 14 2022
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Palo Alto Networks Cortex XDR Agent | >=5.0, <5.0.12 | |
Palo Alto Networks Cortex XDR Agent | >=7.5, <7.5.101 | |
Palo Alto Networks Cortex XDR Agent | >=7.7, <7.7.3 | |
Microsoft Windows Operating System | | |
This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent.
CVE-2022-0029 is an improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices.
CVE-2022-0029 allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
CVE-2022-0029 affects Palo Alto Networks Cortex XDR agent on Windows devices.
The severity of CVE-2022-0029 is medium with a CVSS score of 5.5.
To fix CVE-2022-0029, update to a version of Palo Alto Networks Cortex XDR agent that is not vulnerable.
No, Microsoft Windows is not affected by CVE-2022-0029.
You can find more information about CVE-2022-0029 on the Palo Alto Networks security website: https://security.paloaltonetworks.com/CVE-2022-0029