CVE-2022-0013 · CVEKit

cve.orgen

521 chars

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

NVDen

521 chars

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

NVDes

575 chars

Se presenta una vulnerabilidad de exposición de información de archivos en el agente Cortex XDR de Palo Alto Networks que permite a un atacante local leer el contenido de archivos arbitrarios en el sistema con altos privilegios cuando es generado un archivo de soporte. Este problema afecta: Agente Cortex XDR versiones 5.0 anteriores al agente Cortex XDR 5.0.12; Agente Cortex XDR versiones 6.1 anteriores al agente Cortex XDR 6.1.9; Agente Cortex XDR versiones 7.2 anteriores al agente Cortex XDR 7.2.4; Agente Cortex XDR versiones 7.3 anteriores al agente Cortex XDR 7.3.2

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N