CVE-2022-0031

Description

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Palo Alto Networks / Cortex XSOAR6.9.0.0 – 6.9.0.130766
Palo Alto Networks / Cortex XSOAR6.8.0.0 – 6.8.0.0
Palo Alto Networks / Cortex XSOAR6.6.0.0 – 6.6.0.0
Palo Alto Networks / Cortex XSOAR6.5.0.0 – 6.5.0.0

References

MISChttps://security.paloaltonetworks.com/CVE-2022-0031