Palo Alto Networks Security Advisories / CVE-2022-0031

CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

Severity 6.7 · MEDIUM
Attack Vector LOCAL
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required HIGH
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH


A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

Product Status

Cortex XSOAR 6.9< on Linux, <= on Linux>= on Linux
Cortex XSOAR 6.8all
Cortex XSOAR 6.6all
Cortex XSOAR 6.5all

Required Configuration for Exposure

This issue is applicable only to Cortex XSOAR engine software running on a Linux operating system that was installed through the shell method.

Please see the following link for more Cortex XSOAR engine installation information:

Severity: MEDIUM

CVSSv3.1 Base Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-345 Insufficient Verification of Data Authenticity


This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.

NOTE: The build numbers for Cortex XSOAR software releases have changed format. Please consider the new format when evaluating version applicability. Cortex XSOAR release documentation is available at the following link:

Workarounds and Mitigations

There are no known workarounds for this issue.


Palo Alto Networks thanks Olivier Caillault for discovering and reporting this issue.


Clarified fix availability as build numbers for Cortex XSOAR have changed
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.