CVE-2022-0015: 
Cortex XDR vulnerability analysis and mitigation

A local privilege escalation (PE) vulnerability was discovered in the Palo Alto Networks Cortex XDR agent, identified as CVE-2022-0015. The vulnerability was discovered by Xavier DANEST of Decathlon and disclosed on January 12, 2022. This security flaw affects Cortex XDR agent versions 5.0 (earlier than 5.0.12) and 6.1 (earlier than 6.1.9) (Palo Advisory).

The vulnerability is classified as an Uncontrolled Search Path Element (CWE-427) with a CVSSv3.1 Base Score of 7.8 (HIGH). The vulnerability assessment indicates LOCAL attack vector, LOW attack complexity, LOW privileges required, and NO user interaction needed. The impact scores for Confidentiality, Integrity, and Availability are all rated as HIGH (Palo Advisory).

When exploited, this vulnerability allows an authenticated local user to execute programs with elevated privileges, potentially leading to complete system compromise. The vulnerability affects the security triad with high impacts on confidentiality, integrity, and availability of the system (Palo Advisory).

The vulnerability has been patched in Cortex XDR agent versions 5.0.12, 6.1.9, and all later versions. No workarounds are available for this issue, making it critical for affected users to update to the patched versions (Palo Advisory).