CVE-2022-0012

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Cortex XDR agent versions prior to 5.0.12 Palo Alto Networks Cortex XDR agent versions prior to 6.1.9 Palo Alto Networks Cortex XDR agent versions prior to 7.2.4 Palo Alto Networks Cortex XDR agent versions prior to 7.3.2

Description An improper link resolution before file access issue exists in the Palo Alto Networks Cortex XDR agent on Windows platforms, enabling a local user to delete arbitrary system files, impact system integrity, or cause a denial of service condition.

Recommendations For versions prior to 5.0.12, update to version 5.0.12 or later. For versions prior to 6.1.9, update to version 6.1.9 or later. For versions prior to 7.2.4, update to version 7.2.4 or later. For versions prior to 7.3.2, update to version 7.3.2 or later.