
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-29549 was discovered in Qualys Cloud Agent 4.8.0-49. The vulnerability affects the agent's execution of programs at various full pathnames without first making ownership and permission checks. The issue was disclosed on August 15, 2022, and affects Qualys Cloud Agent for Linux with manifest versions prior to 2.5.548.2 (Qualys Advisory, NVD).
The vulnerability stems from the agent executing programs at various full pathnames without performing ownership and permission checks (e.g., to verify program installation by root) and without integrity checks (e.g., checksum comparison against known legitimate programs). The vendor recommendation is to install this agent software with root privileges. The CVSS v3.1 base score is 7.0 (High), with the vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (Qualys Advisory).
The vulnerability enables privilege escalation on systems where any of the affected pathnames is controlled by a non-root user. For example, if the /opt/firebird directory is owned by the firebird user, an attacker could exploit the /opt/firebird/bin/isql pathname. When the Qualys Agent runs as root, this could allow execution of arbitrary code with root privileges (NVD).
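A defender-side audit of the condition described above, as an added example (not Qualys code and not part of the original advisory): it walks every component of a pathname such as /opt/firebird/bin/isql and reports any that is not owned by a trusted uid or is group/world-writable. The function names and the trusted_uids parameter are assumptions made for illustration.

```python
import os
import stat

def component_problems(path, st, trusted_uids):
    """Reasons one path component could be replaced by an untrusted user."""
    problems = []
    if st.st_uid not in trusted_uids:
        problems.append((path, f"owned by uid {st.st_uid}"))
    # Symlink mode bits carry no meaning on Linux; only the link's owner matters.
    if not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        problems.append((path, f"group/world-writable, mode {mode:04o}"))
    return problems

def chain(path):
    """'/opt/firebird/bin/isql' -> ['/', '/opt', '/opt/firebird', ...]."""
    parts = [p for p in path.split(os.sep) if p]
    return [os.sep] + [os.sep + os.sep.join(parts[:i + 1]) for i in range(len(parts))]

def audit_exec_path(target, trusted_uids=frozenset({0})):
    """Check every component of target, both as written and symlink-resolved.

    trusted_uids defaults to root only (an assumption matching an agent
    that runs as root). Returns a list of (component, reason) tuples.
    """
    target = os.path.abspath(target)
    seen, findings = set(), []
    for comp in chain(target) + chain(os.path.realpath(target)):
        if comp in seen:
            continue
        seen.add(comp)
        try:
            st = os.lstat(comp)  # lstat: inspect the link itself, not its target
        except OSError as exc:
            # A missing component can be created by whoever can write its parent.
            findings.append((comp, f"cannot stat ({type(exc).__name__})"))
            continue
        findings.extend(component_problems(comp, st, trusted_uids))
    return findings

if __name__ == "__main__":
    # Sample pathname taken from the advisory text above.
    for comp, reason in audit_exec_path("/opt/firebird/bin/isql"):
        print(f"{comp}: {reason}")
```

An empty result means every directory and the binary itself are root-owned and not writable by group or others; any finding marks a component that a non-root account could use to substitute the program.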
No action is required by customers as Qualys automatically updated the Cloud Agent manifests to version 2.5.548.2 across all regions. The Enterprise TruRisk Platform was updated across all regions effective immediately. Customers can use QID 376807 (released August 15, 2022) to identify assets using older manifest versions (Qualys Advisory).
The vulnerability was responsibly disclosed by the Unqork Security Team (Justin Borland, Daniel Wood, David Heise, Bryan Li). Qualys assessed the severity as Medium despite the NVD rating of High, citing the high attack complexity requirements (Qualys Advisory).
Source: This report was generated using AI