CVE Vulnerabilities

CVE-2022-0031

Insufficient Verification of Data Authenticity

Published: Nov 09, 2022 | Modified: Nov 10, 2022
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Cortex_xsoar Paloaltonetworks 6.5.0 6.5.0
Cortex_xsoar Paloaltonetworks 6.5.0 6.5.0
Cortex_xsoar Paloaltonetworks 6.5.0 6.5.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.6.0 6.6.0
Cortex_xsoar Paloaltonetworks 6.8.0 6.8.0

References