CVE-2022-0031

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
palo_altoCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
paloaltonetworkscortex_xsoar
6.5.0:2102531
paloaltonetworkscortex_xsoar
6.5.0:2410815
paloaltonetworkscortex_xsoar
6.5.0:2583817
paloaltonetworkscortex_xsoar
6.6.0:2585049
paloaltonetworkscortex_xsoar
6.6.0:2889656
paloaltonetworkscortex_xsoar
6.6.0:3049220
paloaltonetworkscortex_xsoar
6.6.0:3124193
paloaltonetworkscortex_xsoar
6.8.0:3261002
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2022-0031
https://security.paloaltonetworks.com/CVE-2022-0031