CVE-2022-0013: 
Cortex XDR vulnerability analysis and mitigation

A file information exposure vulnerability was identified in the Palo Alto Networks Cortex XDR agent, tracked as CVE-2022-0013. The vulnerability was discovered during an internal security review by Robert McCallum of Palo Alto Networks and was disclosed on January 12, 2022. This vulnerability affects multiple versions of the Cortex XDR agent on Windows systems, specifically versions 5.0 (before 5.0.12), 6.1 (before 6.1.9), 7.2 (before 7.2.4), and 7.3 (before 7.3.2) (Palo Alto).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.0 (Medium severity) with the following metrics: Attack Vector: Local, Attack Complexity: Low, Privileges Required: Low, User Interaction: Required, Scope: Unchanged, Confidentiality Impact: High, Integrity Impact: None, Availability Impact: None. The vulnerability is classified as CWE-538 (File and Directory Information Exposure) (Palo Alto).

When exploited, this vulnerability allows a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This represents a significant confidentiality breach as it could expose sensitive system information (Palo Alto).

The vulnerability has been fixed in Cortex XDR agent versions 5.0.12, 6.1.9, 7.2.4, 7.3.2, and all later versions. Palo Alto Networks has indicated that there are no known workarounds for this issue, making it critical for affected users to update to the patched versions (Palo Alto).