-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.5775.2
                                 CVE-2022-0031
  Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
                               21 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cortex XSOAR
Publisher:         Palo Alto Networks
Operating System:  Linux variants
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-0031

Original Bulletin:
   https://securityadvisories.paloaltonetworks.com/CVE-2022-0031

Comment: CVSS (Max):  6.7 CVE-2022-0031 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Revision History:  November 21 2022: Clarified fix availability as build numbers for
                                     Cortex XSOAR have changed. Updated the CVSS source.
                   November 10 2022: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Palo Alto Networks Security Advisories / CVE-2022-0031

CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in
Cortex XSOAR Engine

047910

Severity:               6.7 MEDIUM
Attack Vector:          LOCAL
Attack Complexity:      LOW
Privileges Required:    HIGH
User Interaction:       NONE
Scope:                  UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact:       HIGH
Availability Impact:    HIGH

Published:  2022-11-09
Updated:    2022-11-19
Reference:  CRTX-57476
Discovered: externally

Description

A local privilege escalation (PE) vulnerability in the Palo Alto Networks
Cortex XSOAR engine software running on a Linux operating system allows a
local attacker with shell access to the engine to execute programs with
elevated privileges.
Product Status

Versions            Affected                              Unaffected
Cortex XSOAR 6.9    < 6.9.0.130766 on Linux,              >= 6.9.0.130766 on Linux
                    <= 6.9.0.3387847 on Linux
Cortex XSOAR 6.8    all
Cortex XSOAR 6.6    all
Cortex XSOAR 6.5    all

Required Configuration for Exposure

This issue is applicable only to Cortex XSOAR engine software running on a
Linux operating system that was installed through the shell method. Please
see the following link for more Cortex XSOAR engine installation information:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-admin/engines/install-deploy-and-configure-demisto-engines

Severity: MEDIUM
CVSSv3.1 Base Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-345 Insufficient Verification of Data Authenticity

Solution

This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR
6.9.0 build 130766 and all later versions of Cortex XSOAR.

NOTE: The build numbers for Cortex XSOAR software releases have changed
format. Please consider the new format when evaluating version applicability.
Cortex XSOAR release documentation is available at the following link:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks Olivier Caillault for discovering and reporting this
issue.

Timeline

2022-11-19  Clarified fix availability as build numbers for Cortex XSOAR have changed
2022-11-09  Initial publication

(C) 2022 Palo Alto Networks, Inc. All rights reserved.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your organisation,
so if you do not wish to continue receiving these bulletins you should contact
your local IT manager. If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY3sMk8kNZI30y1K9AQgTXg//YmYoMnK1IVOA8Hw13EoS6iU9AR63txOB
HLkbekI+5MsUIrbO7CPmHc9KhD9/Pb+m+UqxGAzUNM7fguFSBCGWpsNB8NBHDmyU
W31ajp7BFavuUZbE4mWn67/vyhqb5ufysHyAiIhKfiEF1xqiwFU2Bcrmw5sUdZsX
kdwsSce2QBDHfo+kyJ7b7ldUOF/pmEhEsEH0ORl7AKP/V3VnPgJb4xmiqvuWVSkF
q2aq5PHHbWCTnrFgda7Zyw2xEG2vLgwEIaNVsTs8nHzS7XA2ZRvL5RrAGV0E+FrK
mR7tEvp1G/HmHOrJnh1LuuZ8X/mkyO+O3aaoF291DrXUqwE2D+PZtLbJ+nWLsH/x
D+5koTAkJfy4b18CjrCAoW21j4iXR7vVTj+/u1G+WTKrecLMHCnS2O/NLXTLxwog
o+nJo2kUYQlbW+tmy/u7la4QL3+bKU5uMSPADqRm+0x1ZIketOWzbwzP+OjUU5VD
SBWvAV6Wju4h/QZB9kjqJA/zyGYFENHsPKV9VXhArGjfVveleTB9rFSWL5x9OfSf
4SCgi9Zy2hGlzMPBXUz0xkFfszYK9nvdNe35DUZSsFhgIpK/8BuZ5ehqpqC3dlw/
w3ZAL9QRQk6zZu85/hrCNqWxd/DMc0CyQLpgfIXxR388PMCwzYayDsCsFX1vV6gy
0uYBPhBSK/M=
=Zd3g
-----END PGP SIGNATURE-----
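Editor's note on evaluating version applicability. The Product Status table and the Solution note above say that Cortex XSOAR build numbers changed format, and the quoted numbers show why that matters: 6.9.0.3387847 (old format) is affected while 6.9.0.130766 (new format) is fixed, yet 3387847 is numerically larger than 130766, so a naive integer comparison of the last component would mark a vulnerable engine as patched. The script below is an added example, not code from AusCERT or Palo Alto Networks. It encodes the advisory's affected/unaffected ranges and the "Linux, shell-method install" exposure condition. It assumes (the advisory does not state this) that old-format builds are the seven-digit series and new-format builds are shorter; the Engine fields, host names, install-method labels and sample inventory are constructed for illustration.

```python
"""Applicability check for CVE-2022-0031 (Cortex XSOAR engine on Linux).

Encodes the advisory's product-status table and its note that build numbers
changed format. The two build-number styles cannot be compared as plain
integers: 6.9.0.3387847 (old format) is affected, 6.9.0.130766 (new format)
is fixed, yet 3387847 > 130766.
"""
import re
from dataclasses import dataclass

# Values taken from the advisory.
FIXED_BUILD = 130766             # 6.9.0.130766 (new format) and later are fixed
LAST_OLD_FORMAT_BUILD = 3387847  # 6.9.0.3387847 and earlier (old format) are affected
FULLY_AFFECTED_RELEASES = {(6, 5), (6, 6), (6, 8)}  # "all" builds affected

# Assumption, not stated in the advisory: old-format build numbers are the
# seven-digit series, new-format ones are shorter. This is only what the two
# quoted numbers suggest; confirm against the vendor's release notes.
OLD_FORMAT_MIN_BUILD = 1_000_000

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


@dataclass(frozen=True)
class Engine:
    """One engine host from an inventory (field names are this example's own)."""
    host: str
    version: str          # e.g. "6.9.0.130766"
    os_family: str        # "linux", "windows", ...
    install_method: str   # "shell", "docker", ... (labels assumed here)


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Split 'major.minor.patch.build' into integers; reject anything else."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Cortex XSOAR version string: {version!r}")
    major, minor, patch, build = (int(g) for g in m.groups())
    return major, minor, patch, build


def is_old_build_format(build: int) -> bool:
    return build >= OLD_FORMAT_MIN_BUILD


def assess(engine: Engine) -> str:
    """Classify one engine as affected, unaffected, not-exposed or unknown."""
    major, minor, patch, build = parse_version(engine.version)

    # Required configuration for exposure: Linux engine installed via the shell method.
    if engine.os_family.lower() != "linux" or engine.install_method.lower() != "shell":
        return "not-exposed"

    if (major, minor) in FULLY_AFFECTED_RELEASES:
        return "affected"

    if (major, minor, patch) == (6, 9, 0):
        if is_old_build_format(build):
            # Old-format builds: affected up to and including 6.9.0.3387847.
            return "affected" if build <= LAST_OLD_FORMAT_BUILD else "unknown"
        # New-format builds: fixed from 6.9.0.130766 onwards.
        return "affected" if build < FIXED_BUILD else "unaffected"

    if (major, minor, patch) > (6, 9, 0):
        return "unaffected"  # "all later versions of Cortex XSOAR" per the Solution section

    return "unknown"  # release not listed in the advisory (e.g. older than 6.5)


def triage(inventory: list[Engine]) -> dict[str, list[str]]:
    """Group hosts by verdict so the affected ones can be scheduled for upgrade."""
    buckets: dict[str, list[str]] = {}
    for engine in inventory:
        buckets.setdefault(assess(engine), []).append(engine.host)
    return buckets


# Constructed sample inventory for demonstration only.
SAMPLE_INVENTORY = [
    Engine("eng-01", "6.9.0.3387847", "linux", "shell"),    # old format, affected
    Engine("eng-02", "6.9.0.130766", "linux", "shell"),     # first fixed build
    Engine("eng-03", "6.9.0.130000", "linux", "shell"),     # new format, before fix
    Engine("eng-04", "6.8.0.2211234", "linux", "shell"),    # 6.8: all builds affected
    Engine("eng-05", "6.8.0.2211234", "linux", "docker"),   # not a shell-method install
    Engine("eng-06", "6.9.0.3387847", "windows", "shell"),  # not Linux
]

if __name__ == "__main__":
    for verdict, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{verdict:12s} {', '.join(hosts)}")
```

Engines that come back "unknown" (a release the advisory does not list, or an old-format build beyond 6.9.0.3387847) should be checked by hand against the vendor's release documentation rather than assumed safe; the advisory offers no workaround, so every "affected" host needs the 6.9.0 build 130766 upgrade or later.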