SB2022011214 - Multiple vulnerabilities in Cortex XDR Agent for Windows
Published: January 12, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Insecure DLL loading (CVE-ID: CVE-2022-0015)
The vulnerability allows a local user to escalate privilege son the system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a malicious DLL file on the system and execute arbitrary code with elevated privileges.
2) Untrusted search path (CVE-ID: CVE-2022-0014)
The vulnerability allows a local user to elevate privileges on the system.
The vulnerability exist due to application loads libraries in an insecure manner. A local user with file creation privilege in the Windows root directory (such as C:\\) can place a malicious program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session.
3) File and Directory Information Exposure (CVE-ID: CVE-2022-0013)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due information disclosure issue when generating a support files. A local user can read arbitrary file on the system with elevated privileges.
4) Link following (CVE-ID: CVE-2022-0012)
The vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to insecure link following. A local user can create a symbolic link to critical files on the system and delete them.
Remediation
Install update from vendor's website.