Search criteria
70 vulnerabilities found for Cortex XDR Agent by Palo Alto Networks
CERTFR-2025-AVI-0782
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Microsoft 365 Defender Pack versions 4.6.x antérieures à 4.6.5 pour Windows | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions antérieures à 139.12.4.128 | ||
| Palo Alto Networks | N/A | User-ID Credential Agent versions postérieures ou égales à 11.0.2-133 et antérieures à 11.0.3 pour Windows |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Microsoft 365 Defender Pack versions 4.6.x ant\u00e9rieures \u00e0 4.6.5 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 139.12.4.128",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "User-ID Credential Agent versions post\u00e9rieures ou \u00e9gales \u00e0 11.0.2-133 et ant\u00e9rieures \u00e0 11.0.3 pour Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
},
{
"name": "CVE-2025-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4235"
},
{
"name": "CVE-2025-4234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4234"
},
{
"name": "CVE-2025-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
},
{
"name": "CVE-2025-8582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
},
{
"name": "CVE-2025-8578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
},
{
"name": "CVE-2025-8580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
},
{
"name": "CVE-2025-8579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
},
{
"name": "CVE-2025-8583",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
},
{
"name": "CVE-2025-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0782",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4235",
"url": "https://security.paloaltonetworks.com/CVE-2025-4235"
},
{
"published_at": "2025-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4234",
"url": "https://security.paloaltonetworks.com/CVE-2025-4234"
},
{
"published_at": "2025-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0015",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0015"
}
]
}
CERTFR-2025-AVI-0301
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.2.x et 6.3.x antérieures à 6.3.4 | ||
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.5.x antérieures à 6.5.1 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3-CE.x antérieures à 8.3.101-CE HF pour Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.x antérieures à 11.2.6 | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions 10.2.4.x antérieures à 10.2.4-h36 | ||
| Palo Alto Networks | Cloud NGFW | Cloud NGFW sans les derniers correctifs de sécurité | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions 11.2.x antérieures à 11.2.4-h5 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.x antérieures à 6.2.8 pour Windows | ||
| Palo Alto Networks | Cortex XDR Broker | Cortex XDR Broker VM versions antérieures à 26.100.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.3.x antérieures à 6.3.3 pour Windows | ||
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.4.x antérieures à 6.4.2 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.6.x antérieures à 8.6.1 pour Windows | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions antérieures à 132.83.3017.1 | ||
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.1.x antérieures à 6.1.10 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.5.x antérieures à 8.5.2 pour Windows | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions 10.2.10.x antérieures à 10.2.10-h16 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9-CE.x antérieures à 7.9.103-CE HF pour Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x antérieures à 10.1.14-h13 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.x antérieures à 11.1.8 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.x antérieures à 11.0.6 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.x antérieures à 10.2.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Prisma SD-WAN versions 6.2.x et 6.3.x ant\u00e9rieures \u00e0 6.3.4",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3-CE.x ant\u00e9rieures \u00e0 8.3.101-CE HF pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 10.2.4.x ant\u00e9rieures \u00e0 10.2.4-h36",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cloud NGFW sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Cloud NGFW",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.4-h5",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.x ant\u00e9rieures \u00e0 6.2.8 pour Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.100.3",
"product": {
"name": "Cortex XDR Broker",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 pour Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 132.83.3017.1",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma SD-WAN versions 6.1.x ant\u00e9rieures \u00e0 6.1.10",
"product": {
"name": "Prisma SD-WAN",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.2 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions 10.2.10.x ant\u00e9rieures \u00e0 10.2.10-h16",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.9-CE.x ant\u00e9rieures \u00e0 7.9.103-CE HF pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.14-h13",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.15",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0124"
},
{
"name": "CVE-2025-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
},
{
"name": "CVE-2025-2136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
},
{
"name": "CVE-2025-0120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0120"
},
{
"name": "CVE-2025-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0128"
},
{
"name": "CVE-2025-1920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
},
{
"name": "CVE-2025-0126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0126"
},
{
"name": "CVE-2025-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0129"
},
{
"name": "CVE-2025-2135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
},
{
"name": "CVE-2025-2137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
},
{
"name": "CVE-2025-0121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0121"
},
{
"name": "CVE-2025-0127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0127"
},
{
"name": "CVE-2025-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0123"
},
{
"name": "CVE-2025-0125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0125"
},
{
"name": "CVE-2025-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0122"
},
{
"name": "CVE-2025-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0119"
},
{
"name": "CVE-2025-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0301",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0122",
"url": "https://security.paloaltonetworks.com/CVE-2025-0122"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0120",
"url": "https://security.paloaltonetworks.com/CVE-2025-0120"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0128",
"url": "https://security.paloaltonetworks.com/CVE-2025-0128"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0008",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0008"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0125",
"url": "https://security.paloaltonetworks.com/CVE-2025-0125"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0127",
"url": "https://security.paloaltonetworks.com/CVE-2025-0127"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0123",
"url": "https://security.paloaltonetworks.com/CVE-2025-0123"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0119",
"url": "https://security.paloaltonetworks.com/CVE-2025-0119"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0124",
"url": "https://security.paloaltonetworks.com/CVE-2025-0124"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0126",
"url": "https://security.paloaltonetworks.com/CVE-2025-0126"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0121",
"url": "https://security.paloaltonetworks.com/CVE-2025-0121"
}
]
}
CERTFR-2025-AVI-0128
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les versions 8.4.x et antérieures de Cortex XDR Agent ne sont plus maintenues. La mise à jour vers la version 8.5.1 au minimum est nécessaire. De plus la mise à jour de Cortex XDR Broker VM en version 25.105.6 ne protège pas de l'exploitation de la vulnérabilité CVE-2025-0113 qui est corrigée par la version 26.0.116.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.5.x antérieures à 8.5.1 pour Windows | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions antérieures à 133.8.10.54 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.0 antérieures à 11.2.4-h4 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.0 antérieures à 11.1.6-h1 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.0 antérieures à 10.2.13-h3 | ||
| Palo Alto Networks | Cortex XDR Broker | Cortex XDR Broker VM versions antérieures à 26.0.116 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3-CE antérieures à 8.3.101-CE pour Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS OpenConfig Plugin versions antérieures à 2.1.2 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.0 antérieures à 10.1.14-h9 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.4.x et antérieures |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.1 pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 133.8.10.54",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.0 ant\u00e9rieures \u00e0 11.2.4-h4",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.6-h1",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.13-h3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.0.116",
"product": {
"name": "Cortex XDR Broker",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3-CE ant\u00e9rieures \u00e0 8.3.101-CE pour Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS OpenConfig Plugin versions ant\u00e9rieures \u00e0 2.1.2",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.0 ant\u00e9rieures \u00e0 10.1.14-h9",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.4.x et ant\u00e9rieures",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": " L\u0027\u00e9diteur indique que les versions 8.4.x et ant\u00e9rieures de Cortex XDR Agent ne sont plus maintenues. La mise \u00e0 jour vers la version 8.5.1 au minimum est n\u00e9cessaire. De plus la mise \u00e0 jour de Cortex XDR Broker VM en version 25.105.6 ne prot\u00e8ge pas de l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-0113 qui est corrig\u00e9e par la version 26.0.116.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
},
{
"name": "CVE-2025-0111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0111"
},
{
"name": "CVE-2025-0440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
},
{
"name": "CVE-2025-0445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
},
{
"name": "CVE-2025-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
},
{
"name": "CVE-2025-0439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
},
{
"name": "CVE-2025-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
},
{
"name": "CVE-2025-0291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0291"
},
{
"name": "CVE-2025-0451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
},
{
"name": "CVE-2025-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0611"
},
{
"name": "CVE-2025-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
},
{
"name": "CVE-2025-0109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0109"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2025-0446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
},
{
"name": "CVE-2025-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
},
{
"name": "CVE-2025-0442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
},
{
"name": "CVE-2025-0441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
},
{
"name": "CVE-2025-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
},
{
"name": "CVE-2025-0108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0108"
},
{
"name": "CVE-2025-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
},
{
"name": "CVE-2025-0112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0112"
},
{
"name": "CVE-2025-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
},
{
"name": "CVE-2025-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
},
{
"name": "CVE-2025-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
},
{
"name": "CVE-2025-0447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
},
{
"name": "CVE-2025-0110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0110"
},
{
"name": "CVE-2025-0113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0113"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0128",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-1135",
"url": "https://security.paloaltonetworks.com/CVE-2024-1135"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0109",
"url": "https://security.paloaltonetworks.com/CVE-2025-0109"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0110",
"url": "https://security.paloaltonetworks.com/CVE-2025-0110"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0108",
"url": "https://security.paloaltonetworks.com/CVE-2025-0108"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0113",
"url": "https://security.paloaltonetworks.com/CVE-2025-0113"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0004",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0004"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0112",
"url": "https://security.paloaltonetworks.com/CVE-2025-0112"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0111",
"url": "https://security.paloaltonetworks.com/CVE-2025-0111"
}
]
}
CERTFR-2024-AVI-0859
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions antérieures à 6.12.0 (Build 1271551) | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0 antérieures à 11.0.6 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.9-x antérieures à 10.2.9-h11 | ||
| Palo Alto Networks | Expedition | Expedition versions antérieures à 1.2.96 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions antérieures à 6.2.5 sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.10-x antérieures à 10.2.10-h4 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions antérieures à 7.9.102-CE sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.4-x antérieures à 11.0.4-h5 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.4.x antérieures à 8.4.1 sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2 antérieures à 10.2.11 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1 antérieures à 11.1.3 | ||
| Palo Alto Networks | Prisma Access | Prisma Access Browser versions antérieures à 129.101.2913.3 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1 antérieures à 10.1.11 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 6.12.0 (Build 1271551)",
"product": {
"name": "Cortex XSOAR",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.9-x ant\u00e9rieures \u00e0 10.2.9-h11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Expedition versions ant\u00e9rieures \u00e0 1.2.96",
"product": {
"name": "Expedition",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.5 sur Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.10-x ant\u00e9rieures \u00e0 10.2.10-h4",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.4-x ant\u00e9rieures \u00e0 11.0.4-h5",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 129.101.2913.3",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9468"
},
{
"name": "CVE-2024-8909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
},
{
"name": "CVE-2024-9603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9603"
},
{
"name": "CVE-2024-8905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
},
{
"name": "CVE-2024-7025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7025"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-9123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9123"
},
{
"name": "CVE-2024-8907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
},
{
"name": "CVE-2024-9469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9469"
},
{
"name": "CVE-2024-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9471"
},
{
"name": "CVE-2024-9370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9370"
},
{
"name": "CVE-2024-9470",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9470"
},
{
"name": "CVE-2024-9463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"
},
{
"name": "CVE-2024-9602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9602"
},
{
"name": "CVE-2024-9467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9467"
},
{
"name": "CVE-2024-9122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9122"
},
{
"name": "CVE-2024-9464",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9464"
},
{
"name": "CVE-2024-9121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9121"
},
{
"name": "CVE-2024-8904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
},
{
"name": "CVE-2024-9369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9369"
},
{
"name": "CVE-2024-9120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9120"
},
{
"name": "CVE-2024-9465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"
},
{
"name": "CVE-2024-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9466"
},
{
"name": "CVE-2024-9473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9473"
},
{
"name": "CVE-2024-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0859",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0010",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0011",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0011"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-23347",
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks GPC-19493 et GPC-21211",
"url": "https://security.paloaltonetworks.com/CVE-2024-9473"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-244840",
"url": "https://security.paloaltonetworks.com/CVE-2024-9468"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-217511 et PAN-152631",
"url": "https://security.paloaltonetworks.com/CVE-2024-9471"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105114",
"url": "https://security.paloaltonetworks.com/CVE-2024-9470"
}
]
}
CERTFR-2024-AVI-0770
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.0.x antérieures à 10.0.12 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.1.x antérieures à 5.1.12 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.x antérieures à 11.0.1 | ||
| Palo Alto Networks | Prisma Access | Prisma Access versions antérieures à 10.2.9 sur PAN-OS | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.0.x antérieures à 9.0.17 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.x antérieures à 11.2.3 | ||
| Palo Alto Networks | ActiveMQ Content Pack | ActiveMQ Content Pack versions 1.1.x antérieures à 1.1.15 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x antérieures à 10.1.11 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.1 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent toutes versions antérieures à 8.2 | ||
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions 128.x.x.x postérieures à 128.91.2869.7 et antérieures à 128.138.2888.2 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.x antérieures à 10.2.4 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.7 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 8.1.x antérieures à 8.1.25 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.2.x antérieures à 5.2.13 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.1.x antérieures à 9.1.17 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.1.x antérieures à 6.1.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.12",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access versions ant\u00e9rieures \u00e0 10.2.9 sur PAN-OS",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.17",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "ActiveMQ Content Pack versions 1.1.x ant\u00e9rieures \u00e0 1.1.15",
"product": {
"name": "ActiveMQ Content Pack",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent toutes versions ant\u00e9rieures \u00e0 8.2",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions 128.x.x.x post\u00e9rieures \u00e0 128.91.2869.7 et ant\u00e9rieures \u00e0 128.138.2888.2",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.7",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.25",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.13",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.17",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-8193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8193"
},
{
"name": "CVE-2024-7976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
},
{
"name": "CVE-2024-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
},
{
"name": "CVE-2024-7969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
},
{
"name": "CVE-2024-8691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8691"
},
{
"name": "CVE-2024-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
},
{
"name": "CVE-2024-7980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
},
{
"name": "CVE-2024-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
},
{
"name": "CVE-2024-7964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
},
{
"name": "CVE-2024-8636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8636"
},
{
"name": "CVE-2024-7968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
},
{
"name": "CVE-2024-8686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8686"
},
{
"name": "CVE-2024-8638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8638"
},
{
"name": "CVE-2024-8639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8639"
},
{
"name": "CVE-2024-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
},
{
"name": "CVE-2024-8362",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8362"
},
{
"name": "CVE-2024-8687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8687"
},
{
"name": "CVE-2024-7966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
},
{
"name": "CVE-2024-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
},
{
"name": "CVE-2024-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
},
{
"name": "CVE-2024-8637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8637"
},
{
"name": "CVE-2024-7972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
},
{
"name": "CVE-2024-7967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
},
{
"name": "CVE-2024-8689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8689"
},
{
"name": "CVE-2024-8198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8198"
},
{
"name": "CVE-2024-8688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8688"
},
{
"name": "CVE-2024-8034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
},
{
"name": "CVE-2024-7970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7970"
},
{
"name": "CVE-2024-8690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8690"
},
{
"name": "CVE-2024-7981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
},
{
"name": "CVE-2024-8033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
},
{
"name": "CVE-2024-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8194"
},
{
"name": "CVE-2024-7978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
},
{
"name": "CVE-2024-7971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
},
{
"name": "CVE-2024-7965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0770",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-219031 et PAN-192893",
"url": "https://security.paloaltonetworks.com/CVE-2024-8691"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-204689 et GPC-16848",
"url": "https://security.paloaltonetworks.com/CVE-2024-8687"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-151792 et PAN-82874",
"url": "https://security.paloaltonetworks.com/CVE-2024-8688"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-20644",
"url": "https://security.paloaltonetworks.com/CVE-2024-8690"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105751",
"url": "https://security.paloaltonetworks.com/CVE-2024-8689"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0009",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0009"
},
{
"published_at": "2024-09-11",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-263321",
"url": "https://security.paloaltonetworks.com/CVE-2024-8686"
}
]
}
CERTFR-2024-AVI-0567
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que le correctif pour la vulnérabilité CVE-2024-3596 pour Prisma Access devrait être disponible le 30 Juillet 2024.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 11.1 antérieures à 11.1.4 | ||
| Palo Alto Networks | Expedition | Expedition versions 1.2 antérieures à 1.2.92 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.1 antérieures à 10.1.9 sur Panorama | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.2 antérieures à 10.2.4 sur Panorama | ||
| Palo Alto Networks | Expedition | Script d'installation initSetup_v2.0 pour Expedition versions antérieures à la date 20240605 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.2 antérieures à 10.2.10 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 9.1 antérieures à 9.1.19 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 11.0 antérieures à 11.0.5 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.2 antérieures à 8.2.2 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9-CE antérieures à 7.9.102-CE | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 11.2 antérieures à 11.2.1 | ||
| Palo Alto Networks | GlobalProtect App | PAN-OS versions 10.1 antérieures à 10.1.14-h2 | ||
| Palo Alto Networks | Prisma Access | Prisma Access toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.4",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Expedition versions 1.2 ant\u00e9rieures \u00e0 1.2.92",
"product": {
"name": "Expedition",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.9 sur Panorama",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.4 sur Panorama",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Script d\u0027installation initSetup_v2.0 pour Expedition versions ant\u00e9rieures \u00e0 la date 20240605",
"product": {
"name": "Expedition",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.10",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1 ant\u00e9rieures \u00e0 9.1.19",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.5",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.2 ant\u00e9rieures \u00e0 8.2.2",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.9-CE ant\u00e9rieures \u00e0 7.9.102-CE",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2 ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.14-h2",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access toutes versions",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2024-3596 pour Prisma Access devrait \u00eatre disponible le 30 Juillet 2024.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-5911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5911"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-5913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5913"
},
{
"name": "CVE-2024-5910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5910"
},
{
"name": "CVE-2024-5912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5912"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0567",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5910",
"url": "https://security.paloaltonetworks.com/CVE-2024-5910"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-247511",
"url": "https://security.paloaltonetworks.com/CVE-2024-3596"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0006",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0006"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-22565",
"url": "https://security.paloaltonetworks.com/CVE-2024-5912"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5913",
"url": "https://security.paloaltonetworks.com/CVE-2024-5913"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-182835",
"url": "https://security.paloaltonetworks.com/CVE-2024-5911"
}
]
}
CERTFR-2024-AVI-0491
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.1.x antérieures à 5.1.12 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9.x.-CE antérieures à 7.9.102-CE sur Windows | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.1.x à 8.2.x antérieures à 8.2.1 sur Windows | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.1.x antérieures à 6.1.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.8 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions 32.x antérieures à 32.05 (O’Neal - Update 5) |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.9.x.-CE ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.1.x \u00e0 8.2.x ant\u00e9rieures \u00e0 8.2.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.3",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.8",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute versions 32.x ant\u00e9rieures \u00e0 32.05 (O\u2019Neal - Update 5)",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5908"
},
{
"name": "CVE-2024-5907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5907"
},
{
"name": "CVE-2024-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5905"
},
{
"name": "CVE-2024-5906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5906"
},
{
"name": "CVE-2024-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5909"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0491",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5906",
"url": "https://security.paloaltonetworks.com/CVE-2024-5906"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5908",
"url": "https://security.paloaltonetworks.com/CVE-2024-5908"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5907",
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5905",
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5909",
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
]
}
CVE-2025-0121 (GCVE-0-2025-0121)
Vulnerability from cvelistv5 – Published: 2025-04-11 01:45 – Updated: 2025-04-11 16:02
VLAI?
Summary
A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.7.0 , < 6.3.3
(custom)
Affected: 8.6.0 , < 8.6.1 (custom) Affected: 8.5.0 , < 8.5.2 (custom) Affected: 8.3-CE , < 8.3.101-CE HF (custom) Affected: 7.9-CE , < 7.9.103-CE HF (custom) cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:* |
Credits
adcisseckilled
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T15:44:45.921667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:02:36.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "6.3.3",
"status": "unaffected"
}
],
"lessThan": "6.3.3",
"status": "unaffected",
"version": "8.7.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.6.1",
"status": "unaffected"
}
],
"lessThan": "8.6.1",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.5.2",
"status": "unaffected"
}
],
"lessThan": "8.5.2",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.101-CE HF",
"status": "unaffected"
}
],
"lessThan": "8.3.101-CE HF",
"status": "affected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.103-CE HF",
"status": "unaffected"
}
],
"lessThan": "7.9.103-CE HF",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is needed to be affected by this issue."
}
],
"value": "No special configuration is needed to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "adcisseckilled"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."
}
],
"value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T01:45:54.148Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0121"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."
}
],
"value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-26258"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Crash the Agent",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_affectedList": [
"Cortex XDR Agent 8.6.0",
"Cortex XDR Agent 8.5.0",
"Cortex XDR Agent 8.5.1",
"Cortex XDR Agent 8.3-CE",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.9.101-CE",
"Cortex XDR Agent 7.9.102-CE"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-0121",
"datePublished": "2025-04-11T01:45:54.148Z",
"dateReserved": "2024-12-20T23:23:22.401Z",
"dateUpdated": "2025-04-11T16:02:36.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0112 (GCVE-0-2025-0112)
Vulnerability from cvelistv5 – Published: 2025-02-19 23:44 – Updated: 2025-02-20 17:23
VLAI?
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
8.3-CE , < 8.3.101-CE
(custom)
Affected: 8.4.0 (custom) Affected: 8.5.0 , < 8.5.1 (custom) Unaffected: 8.6.0 (custom) cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3:CE:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.*:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:*:*:*:*:*:*:* |
Credits
Eldar Aharoni of Palo Alto Networks
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T17:22:51.908589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:23:01.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3:CE:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.*:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "8.3.101-CE",
"status": "unaffected"
}
],
"lessThan": "8.3.101-CE",
"status": "affected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.4.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.5.1",
"status": "unaffected"
}
],
"lessThan": "8.5.1",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eldar Aharoni of Palo Alto Networks"
}
],
"datePublic": "2025-02-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.\u003c/p\u003e"
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T23:44:33.652Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0112"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 8.3.101-CE, Cortex XDR agent 8.5.1, Cortex XDR agent 8.6 and all later Cortex XDR agent versions."
}
],
"value": "This issue is fixed in Cortex XDR agent 8.3.101-CE, Cortex XDR agent 8.5.1, Cortex XDR agent 8.6 and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-25268"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-02-12T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds or mitigations for this issue."
}
],
"value": "There are no known workarounds or mitigations for this issue."
}
],
"x_affectedList": [
"Cortex XDR Agent 8.3-CE",
"Cortex XDR Agent 8.5.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-0112",
"datePublished": "2025-02-19T23:44:33.652Z",
"dateReserved": "2024-12-20T23:23:14.201Z",
"dateUpdated": "2025-02-20T17:23:01.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9469 (GCVE-0-2024-9469)
Vulnerability from cvelistv5 – Published: 2024-10-09 17:05 – Updated: 2024-10-18 11:55
VLAI?
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
7.9 , < 7.9.102-CE
(custom)
Affected: 8.3 , < 8.3.1 (custom) Unaffected: 8.3-CE Affected: 8.4 , < 8.4.1 (custom) Unaffected: 8.5 Unaffected: 8.6 cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:* |
Credits
Orange Cyberdefense Switzerland's Research Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:38:18.728169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:38:44.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"changes": [
{
"at": "8.4.1",
"status": "unaffected"
}
],
"lessThan": "8.4.1",
"status": "affected",
"version": "8.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Orange Cyberdefense Switzerland\u0027s Research Team"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T11:55:36.651Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-23347"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-10-09T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-9469",
"datePublished": "2024-10-09T17:05:55.091Z",
"dateReserved": "2024-10-03T11:35:16.152Z",
"dateUpdated": "2024-10-18T11:55:36.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8690 (GCVE-0-2024-8690)
Vulnerability from cvelistv5 – Published: 2024-09-11 16:42 – Updated: 2024-09-11 18:24
VLAI?
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.5
Unaffected: 8.4 Unaffected: 8.3 Unaffected: 8.3-CE Unaffected: 8.2 Affected: 7.9.102-CE |
Credits
Ayman Sagy of CyberCX
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:23:32.709813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:24:05.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.4"
},
{
"status": "unaffected",
"version": "8.3"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"status": "unaffected",
"version": "8.2"
},
{
"status": "affected",
"version": "7.9.102-CE"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ayman Sagy of CyberCX"
}
],
"datePublic": "2024-09-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T16:42:39.974Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8690"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-20644"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-11T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows Administrator Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-8690",
"datePublished": "2024-09-11T16:42:39.974Z",
"dateReserved": "2024-09-11T08:21:15.662Z",
"dateUpdated": "2024-09-11T18:24:05.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5912 (GCVE-0-2024-5912)
Vulnerability from cvelistv5 – Published: 2024-07-10 18:40 – Updated: 2024-08-01 21:25
VLAI?
Summary
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.4
(custom)
Unaffected: 8.3-CE (custom) Unaffected: 8.3 (custom) Affected: 7.9-CE , < 7.9.102-CE (custom) Affected: 8.2 , < 8.2.2 (custom) |
Credits
Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:37:27.359741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:37:33.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.2",
"status": "unaffected"
}
],
"lessThan": "8.2.2",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue."
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
}
],
"value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T18:40:16.240Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5912"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-22565"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-10T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Improper File Signature Verification Checks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5912",
"datePublished": "2024-07-10T18:40:16.240Z",
"dateReserved": "2024-06-12T15:27:56.188Z",
"dateUpdated": "2024-08-01T21:25:03.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5909 (GCVE-0-2024-5909)
Vulnerability from cvelistv5 – Published: 2024-06-12 16:29 – Updated: 2024-08-01 21:25
VLAI?
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.4.0
Unaffected: 8.3.0 Affected: 8.2.0 , < 8.2.1 (custom) Affected: 8.1.0 , < 8.1.2 (custom) Affected: 7.9-CE , < 7.9.102-CE (custom) |
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:51:54.433806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:52:05.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.4.0"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:29:23.822Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectedKeywords": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
],
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21826",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5909",
"datePublished": "2024-06-12T16:29:23.822Z",
"dateReserved": "2024-06-12T15:27:55.683Z",
"dateUpdated": "2024-08-01T21:25:03.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5907 (GCVE-0-2024-5907)
Vulnerability from cvelistv5 – Published: 2024-06-12 16:26 – Updated: 2024-08-01 21:25
VLAI?
Summary
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
7.9-CE , < 7.9.102-CE
(custom)
Affected: 8.1.0 Affected: 8.2.0 , < 8.2.3 (custom) Affected: 8.3.0 , < 8.3.1 (custom) Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:56:05.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"changes": [
{
"at": "8.2.3",
"status": "unaffected"
}
],
"lessThan": "8.2.3",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland\u0027s Research Team for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.\u003c/p\u003e"
}
],
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:26:39.742Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Current-Status": "Verify with Alain how they want to be acknowledged",
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"\u003c 8.3.1 on Windows",
"\u003c 8.2.3 on Windows",
"All",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"\u003e= 8.3.1 on Windows",
"\u003e= 8.2.3 on Windows",
"None",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-23348",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.1",
"version_value": "All"
},
{
"version_affected": "!",
"version_name": "8.1",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5907",
"datePublished": "2024-06-12T16:26:39.742Z",
"dateReserved": "2024-06-12T15:27:55.262Z",
"dateUpdated": "2024-08-01T21:25:03.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5905 (GCVE-0-2024-5905)
Vulnerability from cvelistv5 – Published: 2024-06-12 16:20 – Updated: 2024-08-01 21:25
VLAI?
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
Severity ?
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
7.9-CE , < 7.9.102-CE
(custom)
Affected: 8.1.0 , < 8.1.2 (custom) Affected: 8.2.0 , < 8.2.1 (custom) Unaffected: 8.3.0 Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:58:42.722169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:58:51.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:22:57.869Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21727",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21727"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5905",
"datePublished": "2024-06-12T16:20:35.039Z",
"dateReserved": "2024-06-12T15:27:53.779Z",
"dateUpdated": "2024-08-01T21:25:03.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0121 (GCVE-0-2025-0121)
Vulnerability from nvd – Published: 2025-04-11 01:45 – Updated: 2025-04-11 16:02
VLAI?
Summary
A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.7.0 , < 6.3.3
(custom)
Affected: 8.6.0 , < 8.6.1 (custom) Affected: 8.5.0 , < 8.5.2 (custom) Affected: 8.3-CE , < 8.3.101-CE HF (custom) Affected: 7.9-CE , < 7.9.103-CE HF (custom) cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:* |
Credits
adcisseckilled
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T15:44:45.921667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:02:36.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "6.3.3",
"status": "unaffected"
}
],
"lessThan": "6.3.3",
"status": "unaffected",
"version": "8.7.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.6.1",
"status": "unaffected"
}
],
"lessThan": "8.6.1",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.5.2",
"status": "unaffected"
}
],
"lessThan": "8.5.2",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.101-CE HF",
"status": "unaffected"
}
],
"lessThan": "8.3.101-CE HF",
"status": "affected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.103-CE HF",
"status": "unaffected"
}
],
"lessThan": "7.9.103-CE HF",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is needed to be affected by this issue."
}
],
"value": "No special configuration is needed to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "adcisseckilled"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."
}
],
"value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T01:45:54.148Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0121"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."
}
],
"value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-26258"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Crash the Agent",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_affectedList": [
"Cortex XDR Agent 8.6.0",
"Cortex XDR Agent 8.5.0",
"Cortex XDR Agent 8.5.1",
"Cortex XDR Agent 8.3-CE",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.9.101-CE",
"Cortex XDR Agent 7.9.102-CE"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-0121",
"datePublished": "2025-04-11T01:45:54.148Z",
"dateReserved": "2024-12-20T23:23:22.401Z",
"dateUpdated": "2025-04-11T16:02:36.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0112 (GCVE-0-2025-0112)
Vulnerability from nvd – Published: 2025-02-19 23:44 – Updated: 2025-02-20 17:23
VLAI?
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
8.3-CE , < 8.3.101-CE
(custom)
Affected: 8.4.0 (custom) Affected: 8.5.0 , < 8.5.1 (custom) Unaffected: 8.6.0 (custom) cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3:CE:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.*:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:*:*:*:*:*:*:* |
Credits
Eldar Aharoni of Palo Alto Networks
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T17:22:51.908589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:23:01.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3:CE:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.*:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "8.3.101-CE",
"status": "unaffected"
}
],
"lessThan": "8.3.101-CE",
"status": "affected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.4.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.5.1",
"status": "unaffected"
}
],
"lessThan": "8.5.1",
"status": "affected",
"version": "8.5.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No special configuration is required to be affected by this issue."
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eldar Aharoni of Palo Alto Networks"
}
],
"datePublic": "2025-02-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.\u003c/p\u003e"
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T23:44:33.652Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0112"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 8.3.101-CE, Cortex XDR agent 8.5.1, Cortex XDR agent 8.6 and all later Cortex XDR agent versions."
}
],
"value": "This issue is fixed in Cortex XDR agent 8.3.101-CE, Cortex XDR agent 8.5.1, Cortex XDR agent 8.6 and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-25268"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-02-12T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds or mitigations for this issue."
}
],
"value": "There are no known workarounds or mitigations for this issue."
}
],
"x_affectedList": [
"Cortex XDR Agent 8.3-CE",
"Cortex XDR Agent 8.5.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-0112",
"datePublished": "2025-02-19T23:44:33.652Z",
"dateReserved": "2024-12-20T23:23:14.201Z",
"dateUpdated": "2025-02-20T17:23:01.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9469 (GCVE-0-2024-9469)
Vulnerability from nvd – Published: 2024-10-09 17:05 – Updated: 2024-10-18 11:55
VLAI?
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
7.9 , < 7.9.102-CE
(custom)
Affected: 8.3 , < 8.3.1 (custom) Unaffected: 8.3-CE Affected: 8.4 , < 8.4.1 (custom) Unaffected: 8.5 Unaffected: 8.6 cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:* |
Credits
Orange Cyberdefense Switzerland's Research Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:38:18.728169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:38:44.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"changes": [
{
"at": "8.4.1",
"status": "unaffected"
}
],
"lessThan": "8.4.1",
"status": "affected",
"version": "8.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Orange Cyberdefense Switzerland\u0027s Research Team"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T11:55:36.651Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-23347"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-10-09T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-9469",
"datePublished": "2024-10-09T17:05:55.091Z",
"dateReserved": "2024-10-03T11:35:16.152Z",
"dateUpdated": "2024-10-18T11:55:36.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8690 (GCVE-0-2024-8690)
Vulnerability from nvd – Published: 2024-09-11 16:42 – Updated: 2024-09-11 18:24
VLAI?
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.5
Unaffected: 8.4 Unaffected: 8.3 Unaffected: 8.3-CE Unaffected: 8.2 Affected: 7.9.102-CE |
Credits
Ayman Sagy of CyberCX
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:23:32.709813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:24:05.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.4"
},
{
"status": "unaffected",
"version": "8.3"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"status": "unaffected",
"version": "8.2"
},
{
"status": "affected",
"version": "7.9.102-CE"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ayman Sagy of CyberCX"
}
],
"datePublic": "2024-09-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T16:42:39.974Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8690"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-20644"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-11T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows Administrator Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-8690",
"datePublished": "2024-09-11T16:42:39.974Z",
"dateReserved": "2024-09-11T08:21:15.662Z",
"dateUpdated": "2024-09-11T18:24:05.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5912 (GCVE-0-2024-5912)
Vulnerability from nvd – Published: 2024-07-10 18:40 – Updated: 2024-08-01 21:25
VLAI?
Summary
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.4
(custom)
Unaffected: 8.3-CE (custom) Unaffected: 8.3 (custom) Affected: 7.9-CE , < 7.9.102-CE (custom) Affected: 8.2 , < 8.2.2 (custom) |
Credits
Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:37:27.359741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:37:33.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.2",
"status": "unaffected"
}
],
"lessThan": "8.2.2",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue."
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
}
],
"value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T18:40:16.240Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5912"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-22565"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-10T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Improper File Signature Verification Checks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5912",
"datePublished": "2024-07-10T18:40:16.240Z",
"dateReserved": "2024-06-12T15:27:56.188Z",
"dateUpdated": "2024-08-01T21:25:03.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5909 (GCVE-0-2024-5909)
Vulnerability from nvd – Published: 2024-06-12 16:29 – Updated: 2024-08-01 21:25
VLAI?
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Unaffected:
8.4.0
Unaffected: 8.3.0 Affected: 8.2.0 , < 8.2.1 (custom) Affected: 8.1.0 , < 8.1.2 (custom) Affected: 7.9-CE , < 7.9.102-CE (custom) |
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:51:54.433806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:52:05.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.4.0"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:29:23.822Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectedKeywords": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
],
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21826",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5909",
"datePublished": "2024-06-12T16:29:23.822Z",
"dateReserved": "2024-06-12T15:27:55.683Z",
"dateUpdated": "2024-08-01T21:25:03.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5907 (GCVE-0-2024-5907)
Vulnerability from nvd – Published: 2024-06-12 16:26 – Updated: 2024-08-01 21:25
VLAI?
Summary
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
7.9-CE , < 7.9.102-CE
(custom)
Affected: 8.1.0 Affected: 8.2.0 , < 8.2.3 (custom) Affected: 8.3.0 , < 8.3.1 (custom) Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:56:05.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"changes": [
{
"at": "8.2.3",
"status": "unaffected"
}
],
"lessThan": "8.2.3",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland\u0027s Research Team for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.\u003c/p\u003e"
}
],
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:26:39.742Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Current-Status": "Verify with Alain how they want to be acknowledged",
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"\u003c 8.3.1 on Windows",
"\u003c 8.2.3 on Windows",
"All",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"\u003e= 8.3.1 on Windows",
"\u003e= 8.2.3 on Windows",
"None",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-23348",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.1",
"version_value": "All"
},
{
"version_affected": "!",
"version_name": "8.1",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5907",
"datePublished": "2024-06-12T16:26:39.742Z",
"dateReserved": "2024-06-12T15:27:55.262Z",
"dateUpdated": "2024-08-01T21:25:03.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5905 (GCVE-0-2024-5905)
Vulnerability from nvd – Published: 2024-06-12 16:20 – Updated: 2024-08-01 21:25
VLAI?
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
Severity ?
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
Affected:
7.9-CE , < 7.9.102-CE
(custom)
Affected: 8.1.0 , < 8.1.2 (custom) Affected: 8.2.0 , < 8.2.1 (custom) Unaffected: 8.3.0 Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:58:42.722169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:58:51.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:22:57.869Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21727",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21727"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5905",
"datePublished": "2024-06-12T16:20:35.039Z",
"dateReserved": "2024-06-12T15:27:53.779Z",
"dateUpdated": "2024-08-01T21:25:03.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}