Palo Alto Networks Security Advisories / CVE-2023-3282

CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine

Severity 4.9 · MEDIUM
Response Effort MODERATE
Recovery USER
Attack Vector LOCAL
Attack Complexity HIGH
Attack Requirements PRESENT
Automatable NO
User Interaction NONE
Product Confidentiality NONE
Product Integrity NONE
Product Availability NONE
Privileges Required HIGH
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH


A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.

Product Status

Cortex XSOAR 8NoneAll
Cortex XSOAR 6.12NoneAll
Cortex XSOAR 6.11NoneAll
Cortex XSOAR 6.10< on Linux>= on Linux

Required Configuration for Exposure

This issue is applicable only to Cortex XSOAR engines installed through the shell method that are running on a Linux operating system.

Please see the following link for more Cortex XSOAR engine installation information:

Severity: MEDIUM

CVSSv4.0 Base Score: 4.9 (CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-732 Incorrect Permission Assignment for Critical Resource


This issue is fixed in deployed Cortex XSOAR engines when an updated engine installer is created and used to upgrade the engine from Cortex XSOAR 6.10 build B250144 and all later builds of Cortex XSOAR.


Palo Alto Networks thanks Romeo Benzoni for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.