Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability
CVE-2022-0012

6.1MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xdr Agent
Vendor: CVE Published:; 12 January 2022

Badges

👾 Exploit Exists

Summary

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

Affected Version(s)

Cortex XDR Agent Windows 5.0 < 5.0.12

Cortex XDR Agent Windows 7.2 < 7.2.4

Cortex XDR Agent Windows 7.3 < 7.3.2

References

https://security.paloaltonetworks.com/CVE-2022-0012

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 17, 2024
Vulnerability published
Jan 12, 2022
Vulnerability Reserved
Dec 28, 2021

Credit

Palo Alto Networks thanks Chris Au for discovering and reporting this issue.