A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an…
palo_alto·CWE-282·Published 2022-05-11
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el software Cortex XDR agent de Palo Alto Networks en Windows que permite a un usuario local autenticado con privilegios de creación de archivos en el directorio root de Windows (como C:\) ejecutar un programa con altos privilegios. Este problema afecta a todas las versiones de Cortex XDR agent sin la actualización de contenido 330 o una versión posterior de actualización de contenido
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.2 | 3.9 | 10.0 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| 3.1 | Primary | cve.org | 6.7 | — | — | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 6.7 | — | — | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |