CVE-2022-0013— Palo Alto Networks Cortex XDR 信息泄露漏洞

Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

文件和路径信息暴露

Palo Alto Networks Cortex XDR 信息泄露漏洞

Palo Alto Networks Cortex XDR是马来西亚Palo Alto Networks公司的一个用于基于远程端点检测的安全运营平台。 Palo Alto Networks Cortex XDR 代理中存在安全漏洞，本地攻击者可以在生成支持文件时以提升的权限读取系统上任意文件的内容。此问题影响： Cortex XDR 代理 5.0 版本早于 Cortex XDR 代理 5.0.12；Cortex XDR 代理 6.1 版本早于 Cortex XDR 代理 6.1.9；Cortex XDR

N/A

N/A