Description
A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
High
Availability (Subsequent System)
High
AU
None
R
Unchanged
V
D
RE
M
U
Amber
Affected products
- Palo Alto Networks / Cortex XDR Broker VM1.0.0 – 26.100.3