6.7

CVE-2022-0031

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PaloaltonetworksCortex Xsoar Version6.5.0 Update2102531
   LinuxLinux Kernel Version-
PaloaltonetworksCortex Xsoar Version6.5.0 Update2410815
   LinuxLinux Kernel Version-
PaloaltonetworksCortex Xsoar Version6.5.0 Update2583817
   LinuxLinux Kernel Version-
PaloaltonetworksCortex Xsoar Version6.6.0 Update2585049
   LinuxLinux Kernel Version-
PaloaltonetworksCortex Xsoar Version6.6.0 Update2889656
   LinuxLinux Kernel Version-
PaloaltonetworksCortex Xsoar Version6.6.0 Update3049220
   LinuxLinux Kernel Version-
PaloaltonetworksCortex Xsoar Version6.6.0 Update3124193
   LinuxLinux Kernel Version-
PaloaltonetworksCortex Xsoar Version6.8.0 Update3261002
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.243
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@paloaltonetworks.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.