All the vulnerabilites related to Palo Alto Networks - Cortex XDR agent
cve-2024-8690
Vulnerability from cvelistv5
Published
2024-09-11 16:42
Modified
2024-09-11 18:24
Summary
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:23:32.709813Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:24:05.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.5"
            },
            {
              "status": "unaffected",
              "version": "8.4"
            },
            {
              "status": "unaffected",
              "version": "8.3"
            },
            {
              "status": "unaffected",
              "version": "8.3-CE"
            },
            {
              "status": "unaffected",
              "version": "8.2"
            },
            {
              "status": "affected",
              "version": "7.9.102-CE"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ayman Sagy of CyberCX"
        }
      ],
      "datePublic": "2024-09-11T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
            }
          ],
          "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-440",
              "description": "CWE-440: Expected Behavior Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T16:42:39.974Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-8690"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-20644"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-11T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows Administrator Can Disable the Agent",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-8690",
    "datePublished": "2024-09-11T16:42:39.974Z",
    "dateReserved": "2024-09-11T08:21:15.662Z",
    "dateUpdated": "2024-09-11T18:24:05.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0012
Vulnerability from cvelistv5
Published
2022-01-12 17:30
Modified
2024-09-17 01:55
Summary
Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "status": "unaffected",
              "version": "7.6.*"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Chris Au for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:15",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0012"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13408"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no known workaround available for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0012",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Chris Au for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0012",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0012"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13408"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There is no known workaround available for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 7.1",
          "Cortex XDR Agent 7.0",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0012",
    "datePublished": "2022-01-12T17:30:15.528091Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-17T01:55:48.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0001
Vulnerability from cvelistv5
Published
2023-02-08 17:20
Modified
2024-08-02 04:54
Summary
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-0001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.9 All"
            },
            {
              "status": "unaffected",
              "version": "7.8 All"
            },
            {
              "changes": [
                {
                  "at": "7.5.101-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.5.101-CE",
              "status": "affected",
              "version": "7.5",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "5.0 All"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2023-02-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
            }
          ],
          "value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-21T18:25:00.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-0001"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\u003cbr\u003e\u003cbr\u003eAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\n\nAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13152"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-08T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Cleartext Exposure of Agent Admin Password",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-0001",
    "datePublished": "2023-02-08T17:20:20.774Z",
    "dateReserved": "2022-10-27T18:47:48.958Z",
    "dateUpdated": "2024-08-02T04:54:32.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5909
Vulnerability from cvelistv5
Published
2024-06-12 16:29
Modified
2024-08-01 21:25
Summary
Cortex XDR Agent: Local Windows User Can Disable the Agent
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:51:54.433806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:52:05.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.4.0"
            },
            {
              "status": "unaffected",
              "version": "8.3.0"
            },
            {
              "changes": [
                {
                  "at": "8.2.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.1",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:29:23.822Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-21835",
          "CPATR-21826"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectedKeywords": [
            "Cortex XDR Agent 8.3",
            "Cortex XDR Agent 8.2",
            "Cortex XDR Agent 8.1",
            "Cortex XDR Agent 7.9-CE",
            "Cortex XDR Agent 7.5-CE",
            "Cortex XDR Agent 5.0",
            "Cortex XDR Agent"
          ],
          "affectsSummary": {
            "affected": [
              "None",
              "None",
              "\u003c 8.2.1 on Windows",
              "\u003c 8.1.2 on Windows",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "All",
              "\u003e= 8.2.1 on Windows",
              "\u003e= 8.1.2 on Windows",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-21826",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "8.3",
                            "version_value": "None"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.3",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-21835",
            "CPATR-21826"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 8.3",
          "Cortex XDR Agent 8.2",
          "Cortex XDR Agent 8.1",
          "Cortex XDR Agent 7.9-CE",
          "Cortex XDR Agent 7.5-CE",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5909",
    "datePublished": "2024-06-12T16:29:23.822Z",
    "dateReserved": "2024-06-12T15:27:55.683Z",
    "dateUpdated": "2024-08-01T21:25:03.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0025
Vulnerability from cvelistv5
Published
2022-05-11 16:30
Modified
2024-09-17 02:42
Summary
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.7.1.62043",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.7.1.62043 without CU-500",
              "status": "affected",
              "version": "7.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.7.* with CU-500"
            },
            {
              "status": "unaffected",
              "version": "7.6 all"
            },
            {
              "status": "unaffected",
              "version": "7.5 CE all"
            },
            {
              "status": "unaffected",
              "version": "7.4 all"
            },
            {
              "status": "unaffected",
              "version": "7.5 all"
            },
            {
              "status": "unaffected",
              "version": "6.1 all"
            },
            {
              "status": "unaffected",
              "version": "5.0 all"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-11T16:30:24",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0025"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
        }
      ],
      "source": {
        "defect": [
          "CPATR-16696"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-05-11T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
          "ID": "CVE-2022-0025",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.7",
                            "version_value": "7.7.1.62043 without CU-500"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.7",
                            "version_value": "7.7.* with CU-500"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5 CE",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "5.0",
                            "version_value": "all"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.7",
                            "version_value": "7.7.1.62043"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0025",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0025"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
          }
        ],
        "source": {
          "defect": [
            "CPATR-16696"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-11T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.7",
          "Cortex XDR Agent"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0025",
    "datePublished": "2022-05-11T16:30:24.228159Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-17T02:42:23.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0029
Vulnerability from cvelistv5
Published
2022-09-14 16:35
Modified
2024-09-17 02:41
Summary
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "lessThan": "7.7.3",
              "status": "affected",
              "version": "7.7",
              "versionType": "custom"
            },
            {
              "lessThan": "7.5.101-CE",
              "status": "affected",
              "version": "7.5 CE",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.12-hotfix update",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.8 all"
            },
            {
              "lessThan": "7.7*",
              "status": "unaffected",
              "version": "7.7.3",
              "versionType": "custom"
            },
            {
              "lessThan": "7.5 CE*",
              "status": "unaffected",
              "version": "7.5.101-CE",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0*",
              "status": "unaffected",
              "version": "5.0.12-hotfix update",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-14T16:35:08",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
        }
      ],
      "source": {
        "defect": [
          "CPATR-16806"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-09-14T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-09-14T16:00:00.000Z",
          "ID": "CVE-2022-0029",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.7",
                            "version_value": "7.7.3"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.7",
                            "version_value": "7.7.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.101-CE"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.101-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12-hotfix update"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.8",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12-hotfix update"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0029",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
          }
        ],
        "source": {
          "defect": [
            "CPATR-16806"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-14T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.7",
          "Cortex XDR Agent 7.5 CE",
          "Cortex XDR Agent 5.0",
          "Cortex XDR Agent"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0029",
    "datePublished": "2022-09-14T16:35:08.910462Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-17T02:41:54.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3280
Vulnerability from cvelistv5
Published
2023-09-13 16:13
Modified
2024-09-25 17:48
Summary
Cortex XDR Agent: Local Windows User Can Disable the Agent
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-3280"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3280",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T17:41:53.331366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T17:48:34.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "7.5-CE"
            },
            {
              "changes": [
                {
                  "at": "7.9.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.3",
              "status": "affected",
              "version": "7.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.101-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.101-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.0.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.0.2",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Manuel Feifel of InfoGuard AG"
        }
      ],
      "datePublic": "2023-09-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T16:13:29.266Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-3280"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\n"
        }
      ],
      "source": {
        "defect": [
          "CPATR-19884"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-13T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-3280",
    "datePublished": "2023-09-13T16:13:29.266Z",
    "dateReserved": "2023-06-15T23:55:42.807Z",
    "dateUpdated": "2024-09-25T17:48:34.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3042
Vulnerability from cvelistv5
Published
2021-07-15 16:45
Modified
2024-09-17 04:18
Summary
Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.0 all"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "6.1.* without content update 181 or later"
            },
            {
              "status": "unaffected",
              "version": "6.1.* with content update 181 or later"
            },
            {
              "status": "affected",
              "version": "7.2.* without content update 181 or later"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.2.* with content update 181 or later"
            },
            {
              "status": "unaffected",
              "version": "7.3.* with content update 181 or later"
            },
            {
              "status": "affected",
              "version": "7.3.* without content update 181 or later"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
        }
      ],
      "datePublic": "2021-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-15T16:45:12",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 6.1, Cortex XDR agent 7.2, Cortex XDR agent 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13407",
          "CPATR-11790",
          "CPATR-11572"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-07-14T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\)."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
          "ID": "CVE-2021-3042",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "5.0",
                            "version_value": "all"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "6.1",
                            "version_value": "6.1.* without content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "6.1.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.2",
                            "version_value": "7.2.* without content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.2",
                            "version_value": "7.2.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.3",
                            "version_value": "7.3.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.3",
                            "version_value": "7.3.* without content update 181 or later"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3042",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 6.1, Cortex XDR agent 7.2, Cortex XDR agent 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13407",
            "CPATR-11790",
            "CPATR-11572"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-07-14T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\)."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3042",
    "datePublished": "2021-07-15T16:45:12.285628Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-17T04:18:46.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0013
Vulnerability from cvelistv5
Published
2022-01-12 17:30
Modified
2024-09-16 17:58
Summary
Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0013"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "changes": [
                {
                  "at": "7.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
        }
      ],
      "datePublic": "2022-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538 File and Directory Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:17",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0013"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13480"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0013",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-538 File and Directory Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0013",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0013"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13480"
          ],
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0013",
    "datePublished": "2022-01-12T17:30:17.158913Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-16T17:58:02.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5912
Vulnerability from cvelistv5
Published
2024-07-10 18:40
Modified
2024-08-01 21:25
Summary
Cortex XDR Agent: Improper File Signature Verification Checks
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5912",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T14:37:27.359741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T14:37:33.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3-CE",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.2.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.2",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
            }
          ],
          "value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T18:40:16.240Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5912"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-22565"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-10T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper File Signature Verification Checks",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5912",
    "datePublished": "2024-07-10T18:40:16.240Z",
    "dateReserved": "2024-06-12T15:27:56.188Z",
    "dateUpdated": "2024-08-01T21:25:03.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2020
Vulnerability from cvelistv5
Published
2020-12-09 18:00
Modified
2024-09-16 20:17
Summary
Cortex XDR Agent: Exceptional condition denial-of-service (DoS)
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2020-2020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.0.3",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.1.2",
              "status": "affected",
              "version": "7.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.0.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.10",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.7",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2*",
              "status": "unaffected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Paul van der Haas of Orange Cyberdefense for discovering and reporting this issue."
        }
      ],
      "datePublic": "2020-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software\u0027s internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-09T18:00:13",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2020-2020"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR Agent 5.0.10, Cortex XDR Agent 6.1.7, Cortex XDR Agent 7.0.3, Cortex XDR Agent 7.1.2, and all later Cortex XDR Agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-9871"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2020-12-09T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Exceptional condition denial-of-service (DoS)",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2020-12-09T17:00:00.000Z",
          "ID": "CVE-2020-2020",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Exceptional condition denial-of-service (DoS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.0",
                            "version_value": "7.0.3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.1",
                            "version_value": "7.1.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.10"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.7"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.0",
                            "version_value": "7.0.3"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.1",
                            "version_value": "7.1.2"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.10"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.7"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Paul van der Haas of Orange Cyberdefense for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software\u0027s internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-755 Improper Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2020-2020",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2020-2020"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR Agent 5.0.10, Cortex XDR Agent 6.1.7, Cortex XDR Agent 7.0.3, Cortex XDR Agent 7.1.2, and all later Cortex XDR Agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-9871"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2020-12-09T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_affectedList": [
          "Cortex XDR Agent 7.1",
          "Cortex XDR Agent 7.0",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2020-2020",
    "datePublished": "2020-12-09T18:00:14.069887Z",
    "dateReserved": "2019-12-04T00:00:00",
    "dateUpdated": "2024-09-16T20:17:18.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5907
Vulnerability from cvelistv5
Published
2024-06-12 16:26
Modified
2024-08-01 21:25
Summary
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-08T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T03:56:05.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            },
            {
              "changes": [
                {
                  "at": "8.2.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.3",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.3.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland\u0027s Research Team for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.\u003c/p\u003e"
            }
          ],
          "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:26:39.742Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
        }
      ],
      "source": {
        "defect": [
          "CPATR-23348"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Current-Status": "Verify with Alain how they want to be acknowledged",
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectsSummary": {
            "affected": [
              "None",
              "\u003c 8.3.1 on Windows",
              "\u003c 8.2.3 on Windows",
              "All",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "\u003e= 8.3.1 on Windows",
              "\u003e= 8.2.3 on Windows",
              "None",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-23348",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.3",
                            "version_value": "8.3.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.3",
                            "version_value": "8.3.1"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.1",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.1",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
          }
        ],
        "source": {
          "defect": [
            "CPATR-23348"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5907",
    "datePublished": "2024-06-12T16:26:39.742Z",
    "dateReserved": "2024-06-12T15:27:55.262Z",
    "dateUpdated": "2024-08-01T21:25:03.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0014
Vulnerability from cvelistv5
Published
2022-01-12 17:30
Modified
2024-09-16 23:00
Summary
Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0014"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "status": "unaffected",
              "version": "7.6.*"
            },
            {
              "changes": [
                {
                  "at": "7.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
        }
      ],
      "datePublic": "2022-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:18",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0014"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-12633"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0014",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426 Untrusted Search Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0014",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0014"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-12633"
          ],
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0014",
    "datePublished": "2022-01-12T17:30:18.718839Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-16T23:00:50.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0015
Vulnerability from cvelistv5
Published
2022-01-12 17:30
Modified
2024-09-17 02:51
Summary
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.2.*"
            },
            {
              "status": "unaffected",
              "version": "7.3.*"
            },
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "status": "unaffected",
              "version": "7.6.*"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:20",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0015"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13405",
          "CPATR-9287"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0015",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.2",
                            "version_value": "7.2.*"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.3",
                            "version_value": "7.3.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0015",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0015"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13405",
            "CPATR-9287"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0015",
    "datePublished": "2022-01-12T17:30:20.503695Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-17T02:51:40.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-5905
Vulnerability from cvelistv5
Published
2024-06-12 16:20
Modified
2024-08-01 21:25
Summary
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T17:58:42.722169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T17:58:51.232Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5905"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.2.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.1",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3.0"
            },
            {
              "status": "unaffected",
              "version": "8.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346 Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:22:57.869Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5905"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-21727"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectsSummary": {
            "affected": [
              "None",
              "None",
              "\u003c 8.2.1 on Windows",
              "\u003c 8.1.2 on Windows",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "All",
              "\u003e= 8.2.1 on Windows",
              "\u003e= 8.1.2 on Windows",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-21727",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.3",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.3",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-346 Origin Validation Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21727"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-21727"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5905",
    "datePublished": "2024-06-12T16:20:35.039Z",
    "dateReserved": "2024-06-12T15:27:53.779Z",
    "dateUpdated": "2024-08-01T21:25:03.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0002
Vulnerability from cvelistv5
Published
2023-02-08 17:21
Modified
2024-08-02 04:54
Summary
Cortex XDR Agent: Product Disruption by Local Windows User
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-0002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.9 All"
            },
            {
              "status": "unaffected",
              "version": "7.8 All"
            },
            {
              "changes": [
                {
                  "at": "7.5.101-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.5.101-CE",
              "status": "affected",
              "version": "7.5",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.0.12.22203",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12.22203",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2023-02-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\u003cbr\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693 Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-08T17:21:47.711Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-0002"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13215",
          "CPATR-13184"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-08T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Product Disruption by Local Windows User",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-0002",
    "datePublished": "2023-02-08T17:21:47.711Z",
    "dateReserved": "2022-10-27T18:48:11.588Z",
    "dateUpdated": "2024-08-02T04:54:32.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2049
Vulnerability from cvelistv5
Published
2020-12-09 18:00
Modified
2024-09-17 02:53
Summary
Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2020-2049"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.1.* with content update 150"
            },
            {
              "status": "affected",
              "version": "7.1.* without content update 150"
            },
            {
              "status": "unaffected",
              "version": "7.2.* with content update 150"
            },
            {
              "status": "affected",
              "version": "7.2.* without content update 150"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "6.1.* with latest content"
            },
            {
              "status": "unaffected",
              "version": "7.0.* with latest content"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Chris Au of PwC Hong Kong - Darklab and Xavier DANEST of Decathlon for discovering and reporting this issue."
        }
      ],
      "datePublic": "2020-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-09T18:00:14",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2020-2049"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Cortex XDR Agent content update version 150 and all later content update versions resolve this issue for Cortex XDR Agent 7.1 and Cortex XDR Agent 7.2 versions.\n\nCortex XDR Agent 6.1 and Cortex XDR Agent 7.0 are not impacted with the latest content update.\n\nContent updates are automatically applied for the agent. A Cortex XDR Agent version upgrade is not required to resolve this issue."
        }
      ],
      "source": {
        "defect": [
          "CPATR-11314",
          "CPATR-10346"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2020-12-09T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory such as C:\\."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2020-12-09T17:00:00.000Z",
          "ID": "CVE-2020-2049",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.1",
                            "version_value": "7.1.* with content update 150"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.1",
                            "version_value": "7.1.* without content update 150"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.2",
                            "version_value": "7.2.* with content update 150"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.2",
                            "version_value": "7.2.* without content update 150"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "6.1.* with latest content"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.0",
                            "version_value": "7.0.* with latest content"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Chris Au of PwC Hong Kong - Darklab and Xavier DANEST of Decathlon for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2020-2049",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2020-2049"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Cortex XDR Agent content update version 150 and all later content update versions resolve this issue for Cortex XDR Agent 7.1 and Cortex XDR Agent 7.2 versions.\n\nCortex XDR Agent 6.1 and Cortex XDR Agent 7.0 are not impacted with the latest content update.\n\nContent updates are automatically applied for the agent. A Cortex XDR Agent version upgrade is not required to resolve this issue."
          }
        ],
        "source": {
          "defect": [
            "CPATR-11314",
            "CPATR-10346"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2020-12-09T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory such as C:\\."
          }
        ],
        "x_affectedList": [
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 7.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2020-2049",
    "datePublished": "2020-12-09T18:00:14.602237Z",
    "dateReserved": "2019-12-04T00:00:00",
    "dateUpdated": "2024-09-17T02:53:03.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3041
Vulnerability from cvelistv5
Published
2021-06-10 12:33
Modified
2024-09-16 22:01
Summary
Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.0.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.11",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.8",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.8",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.2.3 with content update 171 or later",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.2.3 or without content update 171 or later",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found by Robert McCallum of Palo Alto Networks during internal security review."
        }
      ],
      "datePublic": "2021-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-10T12:33:06",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3041"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.11, Cortex XDR agent 6.1.8, Cortex XDR agent 7.2.3, and all later Cortex XDR agent versions.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "source": {
        "defect": [
          "CPATR-12634",
          "CPATR-12507",
          "CPATR-11927"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-06-09T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\) and ensuring they are unable to manipulate the Windows registry."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-06-09T16:00:00.000Z",
          "ID": "CVE-2021-3041",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.11"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.8"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2",
                            "version_value": "7.2.3 or without content update 171 or later"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.3 with content update 171 or later"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found by Robert McCallum of Palo Alto Networks during internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3041",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3041"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.11, Cortex XDR agent 6.1.8, Cortex XDR agent 7.2.3, and all later Cortex XDR agent versions.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
          }
        ],
        "source": {
          "defect": [
            "CPATR-12634",
            "CPATR-12507",
            "CPATR-11927"
          ],
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-06-09T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\) and ensuring they are unable to manipulate the Windows registry."
          }
        ],
        "x_affectedList": [
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3041",
    "datePublished": "2021-06-10T12:33:06.552120Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-16T22:01:54.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0026
Vulnerability from cvelistv5
Published
2022-05-11 16:30
Modified
2024-09-17 01:26
Summary
Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "7.7.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.7.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.6.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.6.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.5 CE 7.5.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.5 CE 7.5.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.4.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.4.* with CU-330"
            },
            {
              "status": "affected",
              "version": "6.1.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "6.1.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.5.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.5.* with CU-330"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon and Yasser Alhazmi for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-282",
              "description": "CWE-282 Improper Ownership Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-11T16:30:25",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in all Cortex XDR agent versions with content update 330 and later content update versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13696",
          "CPATR-13873"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-05-11T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
          "ID": "CVE-2022-0026",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.7",
                            "version_value": "7.7.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.7",
                            "version_value": "7.7.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.6",
                            "version_value": "7.6.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.4",
                            "version_value": "7.4.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "6.1",
                            "version_value": "6.1.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "6.1.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.5",
                            "version_value": "7.5.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.* with CU-330"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon and Yasser Alhazmi for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-282 Improper Ownership Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0026",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in all Cortex XDR agent versions with content update 330 and later content update versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13696",
            "CPATR-13873"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-11T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.7",
          "Cortex XDR Agent 7.6",
          "Cortex XDR Agent 7.5",
          "Cortex XDR Agent 7.4",
          "Cortex XDR Agent 7.5 CE",
          "Cortex XDR Agent 6.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0026",
    "datePublished": "2022-05-11T16:30:25.746724Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-17T01:26:10.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9469
Vulnerability from cvelistv5
Published
2024-10-09 17:05
Modified
2024-10-18 11:55
Summary
Cortex XDR Agent: Local Windows User Can Disable the Agent
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T17:38:18.728169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T17:38:44.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.3.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "8.3",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3-CE"
            },
            {
              "changes": [
                {
                  "at": "8.4.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.4.1",
              "status": "affected",
              "version": "8.4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.5"
            },
            {
              "status": "unaffected",
              "version": "8.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Orange Cyberdefense Switzerland\u0027s Research Team"
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
            }
          ],
          "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-18T11:55:36.651Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-9469"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
            }
          ],
          "value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-23347"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-9469",
    "datePublished": "2024-10-09T17:05:55.091Z",
    "dateReserved": "2024-10-03T11:35:16.152Z",
    "dateUpdated": "2024-10-18T11:55:36.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}