CVE-2022-0012: 
Cortex XDR vulnerability analysis and mitigation

An improper link resolution before file access vulnerability (CVE-2022-0012) was discovered in the Palo Alto Networks Cortex XDR agent on Windows platforms. The vulnerability was disclosed on January 12, 2022, affecting multiple versions of the Cortex XDR agent including versions 5.0, 6.1, 7.2, and 7.3 on Windows platforms (Palo Advisory).

The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access) with a CVSS v3.1 Base Score of 6.1 (MEDIUM severity). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N), low impact on integrity (I:L), and high impact on availability (A:H) (Palo Advisory, NVD).

The vulnerability enables a local user to delete arbitrary system files, potentially compromising system integrity or causing a denial of service condition on affected Windows systems (Palo Advisory).

The vulnerability has been fixed in Cortex XDR agent versions 5.0.12, 6.1.9, 7.2.4, 7.3.2, and all later versions. No workarounds are available for this issue, and users are advised to upgrade to the patched versions (Palo Advisory).

The vulnerability was discovered and reported by Chris Au, demonstrating the effectiveness of external security research collaboration with Palo Alto Networks (Palo Advisory).