CVE-2022-0014
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
Published at
2022-01-12
4 days ago
Modified
2022-01-12
4 days ago
2022
Year
The year of the turtle
https://security.paloaltonetworks.com/CVE-2022-0014
MISC:https://security.paloaltonetworks.com/CVE-2022-0014
Vulnerability RAW
{
"Title": {
"_text": "CVE-2022-0014"
},
"Notes": {
"Note": [
{
"_text": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
},
{
"_text": "2022-01-12"
},
{
"_text": "2022-01-12"
}
]
},
"CVE": {
"_text": "CVE-2022-0014"
},
"References": {
"Reference": {
"URL": {
"_text": "https://security.paloaltonetworks.com/CVE-2022-0014"
},
"Description": {
"_text": "MISC:https://security.paloaltonetworks.com/CVE-2022-0014"
}
}
}
}