CVE-2022-0026
MEDIUMCortex XDR Agent - Local Privilege Escalation via File Creation in Windows Root Directory
Title source: llmDescription
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2022-0026
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
11.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-282
Status
published
Products (19)
paloaltonetworks/cortex_xdr_agent
6.1
paloaltonetworks/cortex_xdr_agent
6.1.4 hotfix
paloaltonetworks/cortex_xdr_agent
6.1.5 (2 CPE variants)
paloaltonetworks/cortex_xdr_agent
6.1.6
paloaltonetworks/cortex_xdr_agent
6.1.7
paloaltonetworks/cortex_xdr_agent
6.1.8
paloaltonetworks/cortex_xdr_agent
6.1.9
paloaltonetworks/cortex_xdr_agent
7.4.1
paloaltonetworks/cortex_xdr_agent
7.4.2
paloaltonetworks/cortex_xdr_agent
7.4.3
... and 9 more
Published
May 11, 2022
Tracked Since
Feb 18, 2026