Discover the impact and mitigation strategies for CVE-2022-0025, a local privilege escalation vulnerability affecting the Cortex XDR Agent software on Windows.
A local privilege escalation (PE) vulnerability was discovered in Palo Alto Networks Cortex XDR agent software on Windows, allowing an authenticated local user to execute a program with elevated privileges. This CVE affects specific versions of the Cortex XDR Agent.
Understanding CVE-2022-0025
This section provides an overview of the vulnerability, its impact, technical details, and mitigation strategies.
What is CVE-2022-0025?
The vulnerability enables an authenticated local user who can create files in the Windows root directory to execute a program with elevated privileges through the Cortex XDR Agent software.
The Impact of CVE-2022-0025
With a CVSS base score of 6.7, this vulnerability is rated medium severity; its impact on confidentiality, integrity, and availability is rated high, with the score lowered by the local access and elevated starting privileges the attack requires.
Technical Details of CVE-2022-0025
The following details describe the vulnerability, affected systems and versions, as well as the exploitation mechanism.
Vulnerability Description
The issue affects all versions of the Cortex XDR agent on Windows while they are being upgraded to version 7.7.0, as well as versions running without content update 500.
Affected Systems and Versions
Specific versions of Cortex XDR Agent on Windows are impacted, including versions 7.7 and earlier.
Exploitation Mechanism
The vulnerability allows an authenticated local user with file creation privilege in the Windows root directory to escalate privileges.
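As an added example (not part of the advisory or Palo Alto Networks' own tooling), this PowerShell snippet lists which principals can create files directly in the root of the system drive, the precondition described above, and checks an agent version string against the fixed release. The registry location of the installed agent version is not given on this page, so the version is passed in by the caller.

```powershell
# Added example: audit the precondition for CVE-2022-0025 from the defender's side.
# Lists ACL entries on the system drive root that allow file creation in the root
# folder itself (rules marked InheritOnly apply only to children and are skipped).
function Get-RootCreateFileGrants {
    param([string]$Path = ($env:SystemDrive + '\'))
    $createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $acl = Get-Acl -Path $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) -eq 0 -and
        (([int]$_.FileSystemRights) -band ([int]$createFiles)) -ne 0
    } | Select-Object IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
    # Caveat: entries expressed as generic rights (large numeric values such as
    # 268435456 for GENERIC_ALL) do not carry the CreateFiles bit and must be
    # reviewed by hand.
}

# Returns $true when the supplied agent version is at or above the fixed build
# 7.7.1.62043 named in the advisory. The version string is an input, not read
# from the registry, because the page does not give its location.
function Test-CortexXdrAgentFixed {
    param([Parameter(Mandatory)][string]$InstalledVersion)
    $fixed = [version]'7.7.1.62043'
    return ([version]$InstalledVersion -ge $fixed)
}

# Usage (run as an administrator so the full ACL is readable):
Get-RootCreateFileGrants | Format-Table -AutoSize
Test-CortexXdrAgentFixed -InstalledVersion '7.7.0.0'      # $false
Test-CortexXdrAgentFixed -InstalledVersion '7.7.1.62043'  # $true
```

Any non-administrative principal (for example, Authenticated Users or Everyone) that appears in the first listing with CreateFiles on the root folder itself satisfies the precondition and should be reviewed alongside the agent version.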
Mitigation and Prevention
This section outlines immediate steps to take, long-term security practices, and the importance of patching and updates.
Immediate Steps to Take
Upgrade to Cortex XDR Agent 7.7.1.62043 or later to prevent exposure to this vulnerability during upgrades.
Long-Term Security Practices
Regularly update and patch Cortex XDR Agent software to protect against potential threats and vulnerabilities.
Patching and Updates
Ensure that your Cortex XDR Agent is always kept up to date with the latest security patches and updates.