CVE-2022-0031 MEDIUM

CVE-2022-0031: Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

Vendor Palo Alto Networks
Product Cortex XSOAR
Weakness CWE-345
Published November 9, 2022
Last update May 1, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

Key dates

02Disclosure timeline

November 9, 2022 CVE published
May 1, 2025 Record updated

Related vulnerabilities

04Related CVE