CVE-2022-0029: 
Cortex XDR vulnerability analysis and mitigation

An improper link resolution vulnerability was discovered in the Palo Alto Networks Cortex XDR agent on Windows devices, identified as CVE-2022-0029. The vulnerability was disclosed on September 14, 2022, affecting multiple versions of the Cortex XDR Agent including versions 7.5 CE, 7.7, and 5.0 on Windows systems. The issue was discovered by Diego García of INCIDE and reported to Palo Alto Networks (Palo Alto).

The vulnerability is classified as CWE-59 (Improper Link Resolution Before File Access) with a CVSSv3.1 Base Score of 5.5, categorized as MEDIUM severity. The attack vector is LOCAL, with low attack complexity and requiring low privileges. The vulnerability has high confidentiality impact but no integrity or availability impact. The technical assessment indicates that no user interaction is required for exploitation (Palo Alto).

When exploited, this vulnerability allows a local attacker to read files on the system with elevated privileges specifically when generating a tech support file. The impact is primarily focused on confidentiality, as it enables unauthorized access to potentially sensitive system files (Palo Alto).

The vulnerability has been fixed in multiple versions of the Cortex XDR agent: version 5.0.12-hotfix update, version 7.5.101-CE, version 7.7.3, and all later versions. Users are advised to upgrade to these patched versions to mitigate the vulnerability (Palo Alto).