54 vulnerabilities found for cortex_xdr_agent by paloaltonetworks
FKIE_CVE-2024-9469
Vulnerability from fkie_nvd - Published: 2024-10-09 17:15 - Updated: 2024-10-15 18:38
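Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (nvd@nist.gov, Primary)
5.7 (Medium) - CVSS 4.0 base score (psirt@paloaltonetworks.com, Secondary)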
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
References
| Source | URL | Tags |
|---|---|---|
| psirt@paloaltonetworks.com | https://security.paloaltonetworks.com/CVE-2024-9469 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (>= 7.9, < 7.9.102; sw_edition critical_environment) |
| paloaltonetworks | cortex_xdr_agent | 8.3.0 |
| paloaltonetworks | cortex_xdr_agent | 8.4.0 |
| microsoft | windows | - (platform condition; not itself marked vulnerable) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*",
"matchCriteriaId": "E7510DB5-E41B-484D-8BE8-12F7BECA18C6",
"versionEndExcluding": "7.9.102",
"versionStartIncluding": "7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:*:*:*:-:*:*:*",
"matchCriteriaId": "8632049D-4794-46B0-88A8-D14261C40620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:*:*:*:-:*:*:*",
"matchCriteriaId": "01CDA3EB-9E29-4A07-B9CF-219436C170D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
},
{
"lang": "es",
"value": "Un problema con un mecanismo de detecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario con privilegios no administrativos de Windows deshabilite el agente. Este problema puede ser aprovechado por malware para deshabilitar el agente Cortex XDR y luego realizar una actividad maliciosa."
}
],
"id": "CVE-2024-9469",
"lastModified": "2024-10-15T18:38:25.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-10-09T17:15:20.770",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-8690
Vulnerability from fkie_nvd - Published: 2024-09-11 17:15 - Updated: 2024-10-15 18:38
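Severity
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (nvd@nist.gov, Primary)
5.6 (Medium) - CVSS 4.0 base score (psirt@paloaltonetworks.com, Secondary)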
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
References
| Source | URL | Tags |
|---|---|---|
| psirt@paloaltonetworks.com | https://security.paloaltonetworks.com/CVE-2024-8690 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | 7.9.102 (sw_edition critical_environment) |
| microsoft | windows | - (platform condition; not itself marked vulnerable) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102:*:*:*:critical_environment:*:*:*",
"matchCriteriaId": "DAD96F99-F6DD-4310-AC22-23354CB10FF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
},
{
"lang": "es",
"value": "Un problema con un mecanismo de detecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario con privilegios de administrador de Windows deshabilite el agente. Este problema puede ser aprovechado por malware para deshabilitar el agente Cortex XDR y luego realizar una actividad maliciosa."
}
],
"id": "CVE-2024-8690",
"lastModified": "2024-10-15T18:38:32.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-09-11T17:15:14.487",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-8690"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-440"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-5907
Vulnerability from fkie_nvd - Published: 2024-06-12 17:15 - Updated: 2024-11-21 09:48
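Severity
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
5.2 (Medium) - CVSS 4.0 base score (psirt@paloaltonetworks.com, Secondary)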
Summary
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (>= 7.9, < 7.9.102; sw_edition critical_environment) |
| paloaltonetworks | cortex_xdr_agent | * (>= 8.1, < 8.2.3) |
| paloaltonetworks | cortex_xdr_agent | * (>= 8.3, < 8.3.1) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*",
"matchCriteriaId": "E7510DB5-E41B-484D-8BE8-12F7BECA18C6",
"versionEndExcluding": "7.9.102",
"versionStartIncluding": "7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84B436C7-8804-4860-BA71-F9052BD339F6",
"versionEndExcluding": "8.2.3",
"versionStartIncluding": "8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12439BD7-6910-403C-B970-AE14A841DEBD",
"versionEndExcluding": "8.3.1",
"versionStartIncluding": "8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios (PE) en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un usuario local ejecutar programas con privilegios elevados. Sin embargo, la ejecuci\u00f3n requiere que el usuario local aproveche con \u00e9xito una condici\u00f3n de ejecuci\u00f3n, lo que hace que esta vulnerabilidad sea dif\u00edcil de explotar."
}
],
"id": "CVE-2024-5907",
"lastModified": "2024-11-21T09:48:33.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-06-12T17:15:53.127",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-5909
Vulnerability from fkie_nvd - Published: 2024-06-12 17:15 - Updated: 2024-11-21 09:48
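Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (nvd@nist.gov, Primary)
6.8 (Medium) - CVSS 4.0 base score (psirt@paloaltonetworks.com, Secondary)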
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
References
Impacted products
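| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (>= 7.9, < 7.9.102; sw_edition critical_environment; target_sw windows) |
| paloaltonetworks | cortex_xdr_agent | * (>= 8.1, < 8.1.2; target_sw windows) |
| paloaltonetworks | cortex_xdr_agent | * (>= 8.2, < 8.2.1; target_sw windows) |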
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:windows:*:*",
"matchCriteriaId": "76F416A4-2527-4B52-BBED-FF648B8209B0",
"versionEndExcluding": "7.9.102",
"versionStartIncluding": "7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8E20EA13-B11E-4578-8DB1-AEBC51EAD4E1",
"versionEndExcluding": "8.1.2",
"versionStartIncluding": "8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E60C3C3C-01B8-4A72-B4B6-89BB374BBBB9",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
},
{
"lang": "es",
"value": "Un problema con un mecanismo de protecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario local de Windows con pocos privilegios deshabilite el agente. Este problema puede ser aprovechado por malware para desactivar el agente Cortex XDR y luego realizar actividades maliciosas."
}
],
"id": "CVE-2024-5909",
"lastModified": "2024-11-21T09:48:33.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-06-12T17:15:53.370",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-5905
Vulnerability from fkie_nvd - Published: 2024-06-12 17:15 - Updated: 2024-11-21 09:48
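Severity
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (nvd@nist.gov, Primary)
2.0 (Low) - CVSS 4.0 base score (psirt@paloaltonetworks.com, Secondary)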
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (>= 7.9.0, < 7.9.102; sw_edition content_update) |
| paloaltonetworks | cortex_xdr_agent | * (>= 8.1, < 8.1.2) |
| paloaltonetworks | cortex_xdr_agent | * (>= 8.2, < 8.2.1) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:content_update:*:*:*",
"matchCriteriaId": "09772885-7300-4BB8-8E6B-D4CE4474D479",
"versionEndExcluding": "7.9.102",
"versionStartIncluding": "7.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D085EDE6-405B-4AC0-9C86-0104B6FA3AE0",
"versionEndExcluding": "8.1.2",
"versionStartIncluding": "8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB9F55A-17D4-47B4-AFCE-EE2AB1B67FF5",
"versionEndExcluding": "8.2.1",
"versionStartIncluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
},
{
"lang": "es",
"value": "Un problema con un mecanismo de protecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario local de Windows con pocos privilegios interrumpa algunas funciones del agente. Sin embargo, no pueden interrumpir los mecanismos de protecci\u00f3n del agente Cortex XDR utilizando esta vulnerabilidad."
}
],
"id": "CVE-2024-5905",
"lastModified": "2024-11-21T09:48:33.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.0,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-06-12T17:15:52.847",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3280
Vulnerability from fkie_nvd - Published: 2023-09-13 17:15 - Updated: 2024-11-21 08:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
References
Impacted products
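| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (>= 5.0, <= 5.0.12.22203) |
| paloaltonetworks | cortex_xdr_agent | * (>= 7.9.0, < 7.9.3; sw_edition -) |
| paloaltonetworks | cortex_xdr_agent | * (>= 7.9.0, < 7.9.101; sw_edition content_update) |
| paloaltonetworks | cortex_xdr_agent | * (>= 8.0.0, < 8.0.2) |
| paloaltonetworks | cortex_xdr_agent | 7.5.102 (sw_edition content_update) |
| microsoft | windows | - (platform condition; not itself marked vulnerable) |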
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847D7E4D-E088-45F4-8843-56F0F2131D69",
"versionEndIncluding": "5.0.12.22203",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:-:*:*:*",
"matchCriteriaId": "5F40DE3D-6113-4823-99EC-730BCA0EA408",
"versionEndExcluding": "7.9.3",
"versionStartIncluding": "7.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:content_update:*:*:*",
"matchCriteriaId": "186B115E-3534-4A84-B663-BF8BB7118EA7",
"versionEndExcluding": "7.9.101",
"versionStartIncluding": "7.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE005B8A-9F4D-49B1-9A41-4711380D9FE3",
"versionEndExcluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.5.102:*:*:*:content_update:*:*:*",
"matchCriteriaId": "4F3F0B52-38A7-4CA4-9727-F105A626F6EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n"
},
{
"lang": "es",
"value": "Un problema con un mecanismo de protecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un usuario local desactivar el agente."
}
],
"id": "CVE-2023-3280",
"lastModified": "2024-11-21T08:16:55.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-13T17:15:09.963",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-3280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-3280"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-0001
Vulnerability from fkie_nvd - Published: 2023-02-08 18:15 - Updated: 2024-11-21 07:36
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (>= 7.5, < 7.5.101; sw_edition critical_environment) |
| microsoft | windows | - (platform condition; not itself marked vulnerable) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*",
"matchCriteriaId": "EC5B0E84-B9A5-4FE3-B2E5-A64AEF57BCF3",
"versionEndExcluding": "7.5.101",
"versionStartIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
],
"id": "CVE-2023-0001",
"lastModified": "2024-11-21T07:36:22.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-08T18:15:11.523",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-0002
Vulnerability from fkie_nvd - Published: 2023-02-08 18:15 - Updated: 2024-11-21 07:36
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
References
Impacted products
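| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (from 5.0 inclusive, before 5.0.12.22203) |
| paloaltonetworks | cortex_xdr_agent | * (critical_environment; from 7.5 inclusive, up to and including 7.5.101) |
| microsoft | windows | - |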
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "213B017D-D17C-460A-BC5C-6B6A4BFFA8E4",
"versionEndExcluding": "5.0.12.22203",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*",
"matchCriteriaId": "C72CD204-E989-4990-A4AF-BFE65817CD31",
"versionEndIncluding": "7.5.101",
"versionStartIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\n"
}
],
"id": "CVE-2023-0002",
"lastModified": "2024-11-21T07:36:22.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-08T18:15:11.683",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-0029
Vulnerability from fkie_nvd - Published: 2022-09-14 17:15 - Updated: 2024-11-21 06:37
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
References
Impacted products
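| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (from 5.0 inclusive, before 5.0.12) |
| paloaltonetworks | cortex_xdr_agent | * (critical_environment; from 7.5 inclusive, before 7.5.101) |
| paloaltonetworks | cortex_xdr_agent | * (from 7.7 inclusive, before 7.7.3) |
| microsoft | windows | - |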
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2B1DA-165F-44A9-B173-F39842438E69",
"versionEndExcluding": "5.0.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*",
"matchCriteriaId": "EC5B0E84-B9A5-4FE3-B2E5-A64AEF57BCF3",
"versionEndExcluding": "7.5.101",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD5FFFD-BCE2-43FB-806D-D839719671F3",
"versionEndExcluding": "7.7.3",
"versionStartIncluding": "7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de resoluci\u00f3n de enlaces inapropiada en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un atacante local leer archivos en el sistema con altos privilegios cuando es generado un archivo de soporte t\u00e9cnico"
}
],
"id": "CVE-2022-0029",
"lastModified": "2024-11-21T06:37:51.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-14T17:15:10.110",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-0025
Vulnerability from fkie_nvd - Published: 2022-05-11 17:15 - Updated: 2024-11-21 06:37
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xdr_agent | * (from 7.7.0 inclusive, before 7.7.1.62043) |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600071E7-A60E-49D4-AD97-4208767FF38C",
"versionEndExcluding": "7.7.1.62043",
"versionStartIncluding": "7.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el software Cortex XDR agent de Palo Alto Networks en Windows que permite a un usuario local autenticado con privilegios de creaci\u00f3n de archivos en el directorio root de Windows (como C:\\) ejecutar un programa con altos privilegios. Este problema afecta a: Todas las versiones de Cortex XDR agent cuando es actualizado al agente Cortex XDR 7.7.0 en Windows; Cortex XDR agent versi\u00f3n XDR 7.7.0 sin la actualizaci\u00f3n de contenido 500 o una versi\u00f3n posterior en Windows. Este problema no afecta a otras plataformas ni a otras versiones del Cortex XDR agent"
}
],
"id": "CVE-2022-0025",
"lastModified": "2024-11-21T06:37:50.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T17:15:09.227",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-9469 (GCVE-0-2024-9469)
Vulnerability from cvelistv5 – Published: 2024-10-09 17:05 – Updated: 2024-10-18 11:55
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-9469 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9, < 7.9.102-CE (custom) |
| Palo Alto Networks | Cortex XDR Agent | Affected: 8.3, < 8.3.1 (custom) |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.3-CE |
| Palo Alto Networks | Cortex XDR Agent | Affected: 8.4, < 8.4.1 (custom) |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.5 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.6 |

CPEs:
- cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*
Credits
Orange Cyberdefense Switzerland's Research Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:38:18.728169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:38:44.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"changes": [
{
"at": "8.4.1",
"status": "unaffected"
}
],
"lessThan": "8.4.1",
"status": "affected",
"version": "8.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Orange Cyberdefense Switzerland\u0027s Research Team"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T11:55:36.651Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-23347"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-10-09T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-9469",
"datePublished": "2024-10-09T17:05:55.091Z",
"dateReserved": "2024-10-03T11:35:16.152Z",
"dateUpdated": "2024-10-18T11:55:36.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8690 (GCVE-0-2024-8690)
Vulnerability from cvelistv5 – Published: 2024-09-11 16:42 – Updated: 2024-09-11 18:24
Title
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
Impacted products
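| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.5 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.4 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.3 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.3-CE |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.2 |
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9.102-CE |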
Credits
Ayman Sagy of CyberCX
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:23:32.709813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:24:05.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.4"
},
{
"status": "unaffected",
"version": "8.3"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"status": "unaffected",
"version": "8.2"
},
{
"status": "affected",
"version": "7.9.102-CE"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ayman Sagy of CyberCX"
}
],
"datePublic": "2024-09-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T16:42:39.974Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8690"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-20644"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-11T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows Administrator Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-8690",
"datePublished": "2024-09-11T16:42:39.974Z",
"dateReserved": "2024-09-11T08:21:15.662Z",
"dateUpdated": "2024-09-11T18:24:05.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5909 (GCVE-0-2024-5909)
Vulnerability from cvelistv5 – Published: 2024-06-12 16:29 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5909 | vendor-advisory |
Impacted products
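| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.4.0 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.3.0 |
| Palo Alto Networks | Cortex XDR Agent | Affected: 8.2.0, < 8.2.1 (custom) |
| Palo Alto Networks | Cortex XDR Agent | Affected: 8.1.0, < 8.1.2 (custom) |
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9-CE, < 7.9.102-CE (custom) |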
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:51:54.433806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:52:05.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.4.0"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:29:23.822Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectedKeywords": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
],
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21826",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5909",
"datePublished": "2024-06-12T16:29:23.822Z",
"dateReserved": "2024-06-12T15:27:55.683Z",
"dateUpdated": "2024-08-01T21:25:03.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5907 (GCVE-0-2024-5907)
Vulnerability from cvelistv5 – Published: 2024-06-12 16:26 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
Summary
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Severity
5.2 (Medium) — CVSS 4.0
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5907 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9-CE, < 7.9.102-CE (custom); Affected: 8.1.0; Affected: 8.2.0, < 8.2.3 (custom); Affected: 8.3.0, < 8.3.1 (custom); Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:56:05.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"changes": [
{
"at": "8.2.3",
"status": "unaffected"
}
],
"lessThan": "8.2.3",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland\u0027s Research Team for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.\u003c/p\u003e"
}
],
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:26:39.742Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Current-Status": "Verify with Alain how they want to be acknowledged",
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"\u003c 8.3.1 on Windows",
"\u003c 8.2.3 on Windows",
"All",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"\u003e= 8.3.1 on Windows",
"\u003e= 8.2.3 on Windows",
"None",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-23348",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.1",
"version_value": "All"
},
{
"version_affected": "!",
"version_name": "8.1",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5907",
"datePublished": "2024-06-12T16:26:39.742Z",
"dateReserved": "2024-06-12T15:27:55.262Z",
"dateUpdated": "2024-08-01T21:25:03.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5905 (GCVE-0-2024-5905)
Vulnerability from cvelistv5 – Published: 2024-06-12 16:20 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
Severity
2.0 (Low) — CVSS 4.0
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5905 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9-CE, < 7.9.102-CE (custom); Affected: 8.1.0, < 8.1.2 (custom); Affected: 8.2.0, < 8.2.1 (custom); Unaffected: 8.3.0; Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:58:42.722169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:58:51.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:22:57.869Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21727",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21727"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5905",
"datePublished": "2024-06-12T16:20:35.039Z",
"dateReserved": "2024-06-12T15:27:53.779Z",
"dateUpdated": "2024-08-01T21:25:03.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3280 (GCVE-0-2023-3280)
Vulnerability from cvelistv5 – Published: 2023-09-13 16:13 – Updated: 2024-09-25 17:48
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
Severity ?
5.5 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 5.0; Affected: 7.5-CE; Affected: 7.9, < 7.9.3 (custom); Affected: 7.9-CE, < 7.9.101-CE (custom); Affected: 8.0, < 8.0.2 (custom); Unaffected: 8.1 |
Credits
Manuel Feifel of InfoGuard AG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-3280"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:41:53.331366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:48:34.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "7.5-CE"
},
{
"changes": [
{
"at": "7.9.3",
"status": "unaffected"
}
],
"lessThan": "7.9.3",
"status": "affected",
"version": "7.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.101-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.101-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.0.2",
"status": "unaffected"
}
],
"lessThan": "8.0.2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Manuel Feifel of InfoGuard AG"
}
],
"datePublic": "2023-09-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:13:29.266Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-3280"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\n"
}
],
"source": {
"defect": [
"CPATR-19884"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-09-13T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-3280",
"datePublished": "2023-09-13T16:13:29.266Z",
"dateReserved": "2023-06-15T23:55:42.807Z",
"dateUpdated": "2024-09-25T17:48:34.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0002 (GCVE-0-2023-0002)
Vulnerability from cvelistv5 – Published: 2023-02-08 17:21 – Updated: 2025-03-25 13:57
Title
Cortex XDR Agent: Product Disruption by Local Windows User
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
Severity ?
5.5 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.9 All; Unaffected: 7.8 All; Affected: 7.5, < 7.5.101-CE (custom); Affected: 5.0, < 5.0.12.22203 (custom) |
Credits
Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:56:53.392401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:57:01.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.9 All"
},
{
"status": "unaffected",
"version": "7.8 All"
},
{
"changes": [
{
"at": "7.5.101-CE",
"status": "unaffected"
}
],
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.0.12.22203",
"status": "unaffected"
}
],
"lessThan": "5.0.12.22203",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue."
}
],
"datePublic": "2023-02-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\u003cbr\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-08T17:21:47.711Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
}
],
"value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-13215",
"CPATR-13184"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-08T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Product Disruption by Local Windows User",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-0002",
"datePublished": "2023-02-08T17:21:47.711Z",
"dateReserved": "2022-10-27T18:48:11.588Z",
"dateUpdated": "2025-03-25T13:57:01.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0001 (GCVE-0-2023-0001)
Vulnerability from cvelistv5 – Published: 2023-02-08 17:20 – Updated: 2024-08-02 04:54
Title
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
Summary
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
Severity ?
6 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.9 All; Unaffected: 7.8 All; Affected: 7.5, < 7.5.101-CE (custom); Unaffected: 5.0 All |
Credits
Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.9 All"
},
{
"status": "unaffected",
"version": "7.8 All"
},
{
"changes": [
{
"at": "7.5.101-CE",
"status": "unaffected"
}
],
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.0 All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue."
}
],
"datePublic": "2023-02-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
],
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T18:25:00.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\u003cbr\u003e\u003cbr\u003eAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\n\nAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"source": {
"defect": [
"CPATR-13152"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-08T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Cleartext Exposure of Agent Admin Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-0001",
"datePublished": "2023-02-08T17:20:20.774Z",
"dateReserved": "2022-10-27T18:47:48.958Z",
"dateUpdated": "2024-08-02T04:54:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0029 (GCVE-0-2022-0029)
Vulnerability from cvelistv5 – Published: 2022-09-14 16:35 – Updated: 2025-06-04 15:08
Title
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
Summary
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
Severity ?
5.5 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0029 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.7, < 7.7.3 (custom); Affected: 7.5 CE, < 7.5.101-CE (custom); Affected: 5.0, < 5.0.12-hotfix update (custom) |
Credits
Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T15:08:25.783065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T15:08:32.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThan": "7.7.3",
"status": "affected",
"version": "7.7",
"versionType": "custom"
},
{
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5 CE",
"versionType": "custom"
},
{
"lessThan": "5.0.12-hotfix update",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.8 all"
},
{
"lessThan": "7.7*",
"status": "unaffected",
"version": "7.7.3",
"versionType": "custom"
},
{
"lessThan": "7.5 CE*",
"status": "unaffected",
"version": "7.5.101-CE",
"versionType": "custom"
},
{
"lessThan": "5.0*",
"status": "unaffected",
"version": "5.0.12-hotfix update",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
}
],
"datePublic": "2022-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T16:35:08.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
}
],
"source": {
"defect": [
"CPATR-16806"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-09-14T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-09-14T16:00:00.000Z",
"ID": "CVE-2022-0029",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.7",
"version_value": "7.7.3"
},
{
"version_affected": "!\u003e=",
"version_name": "7.7",
"version_value": "7.7.3"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.5 CE",
"version_value": "7.5.101-CE"
},
{
"version_affected": "!\u003e=",
"version_name": "7.5 CE",
"version_value": "7.5.101-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.12-hotfix update"
},
{
"version_affected": "!",
"version_name": "7.8",
"version_value": "all"
},
{
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.12-hotfix update"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0029",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
}
],
"source": {
"defect": [
"CPATR-16806"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-09-14T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 7.7",
"Cortex XDR Agent 7.5 CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0029",
"datePublished": "2022-09-14T16:35:08.910Z",
"dateReserved": "2021-12-28T00:00:00.000Z",
"dateUpdated": "2025-06-04T15:08:32.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0025 (GCVE-0-2022-0025)
Vulnerability from cvelistv5 – Published: 2022-05-11 16:30 – Updated: 2024-09-17 02:42
Title
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Summary
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.
Severity ?
6.7 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0025 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.7, < 7.7.1.62043 without CU-500 (custom) |
Credits
Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.7.1.62043",
"status": "unaffected"
}
],
"lessThan": "7.7.1.62043 without CU-500",
"status": "affected",
"version": "7.7",
"versionType": "custom"
}
]
},
{
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.7.* with CU-500"
},
{
"status": "unaffected",
"version": "7.6 all"
},
{
"status": "unaffected",
"version": "7.5 CE all"
},
{
"status": "unaffected",
"version": "7.4 all"
},
{
"status": "unaffected",
"version": "7.5 all"
},
{
"status": "unaffected",
"version": "6.1 all"
},
{
"status": "unaffected",
"version": "5.0 all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
}
],
"datePublic": "2022-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:30:24",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
}
],
"source": {
"defect": [
"CPATR-16696"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-05-11T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
"ID": "CVE-2022-0025",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.7",
"version_value": "7.7.1.62043 without CU-500"
},
{
"version_affected": "!",
"version_name": "7.7",
"version_value": "7.7.* with CU-500"
},
{
"version_affected": "!",
"version_name": "7.6",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "7.5 CE",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "7.4",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "7.5",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "6.1",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "5.0",
"version_value": "all"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.7",
"version_value": "7.7.1.62043"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0025",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
}
],
"source": {
"defect": [
"CPATR-16696"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-05-11T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 7.7",
"Cortex XDR Agent"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0025",
"datePublished": "2022-05-11T16:30:24.228159Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-17T02:42:23.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9469 (GCVE-0-2024-9469)
Vulnerability from nvd – Published: 2024-10-09 17:05 – Updated: 2024-10-18 11:55
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
5.7 (Medium, CVSS 4.0)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-9469 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9, < 7.9.102-CE (custom); Affected: 8.3, < 8.3.1 (custom); Unaffected: 8.3-CE; Affected: 8.4, < 8.4.1 (custom); Unaffected: 8.5; Unaffected: 8.6; cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*; cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*; cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*; cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:* |
Credits
Orange Cyberdefense Switzerland's Research Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:38:18.728169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:38:44.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"changes": [
{
"at": "8.4.1",
"status": "unaffected"
}
],
"lessThan": "8.4.1",
"status": "affected",
"version": "8.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Orange Cyberdefense Switzerland\u0027s Research Team"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T11:55:36.651Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-23347"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-10-09T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-9469",
"datePublished": "2024-10-09T17:05:55.091Z",
"dateReserved": "2024-10-03T11:35:16.152Z",
"dateUpdated": "2024-10-18T11:55:36.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8690 (GCVE-0-2024-8690)
Vulnerability from nvd – Published: 2024-09-11 16:42 – Updated: 2024-09-11 18:24
Title
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.5; Unaffected: 8.4; Unaffected: 8.3; Unaffected: 8.3-CE; Unaffected: 8.2; Affected: 7.9.102-CE |
Credits
Ayman Sagy of CyberCX
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:23:32.709813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:24:05.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.4"
},
{
"status": "unaffected",
"version": "8.3"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"status": "unaffected",
"version": "8.2"
},
{
"status": "affected",
"version": "7.9.102-CE"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ayman Sagy of CyberCX"
}
],
"datePublic": "2024-09-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440: Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T16:42:39.974Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8690"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."
}
],
"source": {
"defect": [
"CPATR-20644"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-11T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows Administrator Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-8690",
"datePublished": "2024-09-11T16:42:39.974Z",
"dateReserved": "2024-09-11T08:21:15.662Z",
"dateUpdated": "2024-09-11T18:24:05.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5909 (GCVE-0-2024-5909)
Vulnerability from nvd – Published: 2024-06-12 16:29 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5909 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 8.4.0; Unaffected: 8.3.0; Affected: 8.2.0, < 8.2.1 (custom); Affected: 8.1.0, < 8.1.2 (custom); Affected: 7.9-CE, < 7.9.102-CE (custom) |
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:51:54.433806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:52:05.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.4.0"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:29:23.822Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectedKeywords": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
],
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21826",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5909",
"datePublished": "2024-06-12T16:29:23.822Z",
"dateReserved": "2024-06-12T15:27:55.683Z",
"dateUpdated": "2024-08-01T21:25:03.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5907 (GCVE-0-2024-5907)
Vulnerability from nvd – Published: 2024-06-12 16:26 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
Summary
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5907 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9-CE, < 7.9.102-CE (custom); Affected: 8.1.0; Affected: 8.2.0, < 8.2.3 (custom); Affected: 8.3.0, < 8.3.1 (custom); Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:56:05.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"changes": [
{
"at": "8.2.3",
"status": "unaffected"
}
],
"lessThan": "8.2.3",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland\u0027s Research Team for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.\u003c/p\u003e"
}
],
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:26:39.742Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Current-Status": "Verify with Alain how they want to be acknowledged",
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"\u003c 8.3.1 on Windows",
"\u003c 8.2.3 on Windows",
"All",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"\u003e= 8.3.1 on Windows",
"\u003e= 8.2.3 on Windows",
"None",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-23348",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.3"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.3",
"version_value": "8.3.1"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.1",
"version_value": "All"
},
{
"version_affected": "!",
"version_name": "8.1",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5907",
"datePublished": "2024-06-12T16:26:39.742Z",
"dateReserved": "2024-06-12T15:27:55.262Z",
"dateUpdated": "2024-08-01T21:25:03.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5905 (GCVE-0-2024-5905)
Vulnerability from nvd – Published: 2024-06-12 16:20 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
Severity ?
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5905 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.9-CE, < 7.9.102-CE (custom); Affected: 8.1.0, < 8.1.2 (custom); Affected: 8.2.0, < 8.2.1 (custom); Unaffected: 8.3.0; Unaffected: 8.4.0 |
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:58:42.722169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:58:51.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"status": "unaffected",
"version": "8.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:22:57.869Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21727",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21727"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5905",
"datePublished": "2024-06-12T16:20:35.039Z",
"dateReserved": "2024-06-12T15:27:53.779Z",
"dateUpdated": "2024-08-01T21:25:03.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3280 (GCVE-0-2023-3280)
Vulnerability from nvd – Published: 2023-09-13 16:13 – Updated: 2024-09-25 17:48
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
Severity
5.5 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 5.0; Affected: 7.5-CE; Affected: 7.9, < 7.9.3 (custom); Affected: 7.9-CE, < 7.9.101-CE (custom); Affected: 8.0, < 8.0.2 (custom); Unaffected: 8.1 |
Credits
Manuel Feifel of InfoGuard AG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-3280"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:41:53.331366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:48:34.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "7.5-CE"
},
{
"changes": [
{
"at": "7.9.3",
"status": "unaffected"
}
],
"lessThan": "7.9.3",
"status": "affected",
"version": "7.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.101-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.101-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.0.2",
"status": "unaffected"
}
],
"lessThan": "8.0.2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Manuel Feifel of InfoGuard AG"
}
],
"datePublic": "2023-09-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:13:29.266Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-3280"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\n"
}
],
"source": {
"defect": [
"CPATR-19884"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-09-13T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-3280",
"datePublished": "2023-09-13T16:13:29.266Z",
"dateReserved": "2023-06-15T23:55:42.807Z",
"dateUpdated": "2024-09-25T17:48:34.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0002 (GCVE-0-2023-0002)
Vulnerability from nvd – Published: 2023-02-08 17:21 – Updated: 2025-03-25 13:57
Title
Cortex XDR Agent: Product Disruption by Local Windows User
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
Severity
5.5 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.9 All; Unaffected: 7.8 All; Affected: 7.5, < 7.5.101-CE (custom); Affected: 5.0, < 5.0.12.22203 (custom) |
Credits
Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:56:53.392401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:57:01.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.9 All"
},
{
"status": "unaffected",
"version": "7.8 All"
},
{
"changes": [
{
"at": "7.5.101-CE",
"status": "unaffected"
}
],
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.0.12.22203",
"status": "unaffected"
}
],
"lessThan": "5.0.12.22203",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue."
}
],
"datePublic": "2023-02-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\u003cbr\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-08T17:21:47.711Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
}
],
"value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-13215",
"CPATR-13184"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-08T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Product Disruption by Local Windows User",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-0002",
"datePublished": "2023-02-08T17:21:47.711Z",
"dateReserved": "2022-10-27T18:48:11.588Z",
"dateUpdated": "2025-03-25T13:57:01.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0001 (GCVE-0-2023-0001)
Vulnerability from nvd – Published: 2023-02-08 17:20 – Updated: 2024-08-02 04:54
Title
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
Summary
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
Severity
6 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.9 All; Unaffected: 7.8 All; Affected: 7.5, < 7.5.101-CE (custom); Unaffected: 5.0 All |
Credits
Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.9 All"
},
{
"status": "unaffected",
"version": "7.8 All"
},
{
"changes": [
{
"at": "7.5.101-CE",
"status": "unaffected"
}
],
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.0 All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue."
}
],
"datePublic": "2023-02-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
],
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T18:25:00.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\u003cbr\u003e\u003cbr\u003eAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\n\nAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"source": {
"defect": [
"CPATR-13152"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-08T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Cleartext Exposure of Agent Admin Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-0001",
"datePublished": "2023-02-08T17:20:20.774Z",
"dateReserved": "2022-10-27T18:47:48.958Z",
"dateUpdated": "2024-08-02T04:54:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0029 (GCVE-0-2022-0029)
Vulnerability from nvd – Published: 2022-09-14 16:35 – Updated: 2025-06-04 15:08
Title
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
Summary
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
Severity
5.5 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0029 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.7, < 7.7.3 (custom); Affected: 7.5 CE, < 7.5.101-CE (custom); Affected: 5.0, < 5.0.12-hotfix update (custom) |
Credits
Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T15:08:25.783065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T15:08:32.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThan": "7.7.3",
"status": "affected",
"version": "7.7",
"versionType": "custom"
},
{
"lessThan": "7.5.101-CE",
"status": "affected",
"version": "7.5 CE",
"versionType": "custom"
},
{
"lessThan": "5.0.12-hotfix update",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.8 all"
},
{
"lessThan": "7.7*",
"status": "unaffected",
"version": "7.7.3",
"versionType": "custom"
},
{
"lessThan": "7.5 CE*",
"status": "unaffected",
"version": "7.5.101-CE",
"versionType": "custom"
},
{
"lessThan": "5.0*",
"status": "unaffected",
"version": "5.0.12-hotfix update",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
}
],
"datePublic": "2022-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T16:35:08.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
}
],
"source": {
"defect": [
"CPATR-16806"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-09-14T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-09-14T16:00:00.000Z",
"ID": "CVE-2022-0029",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.7",
"version_value": "7.7.3"
},
{
"version_affected": "!\u003e=",
"version_name": "7.7",
"version_value": "7.7.3"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.5 CE",
"version_value": "7.5.101-CE"
},
{
"version_affected": "!\u003e=",
"version_name": "7.5 CE",
"version_value": "7.5.101-CE"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.12-hotfix update"
},
{
"version_affected": "!",
"version_name": "7.8",
"version_value": "all"
},
{
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.12-hotfix update"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0029",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0029"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
}
],
"source": {
"defect": [
"CPATR-16806"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-09-14T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 7.7",
"Cortex XDR Agent 7.5 CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0029",
"datePublished": "2022-09-14T16:35:08.910Z",
"dateReserved": "2021-12-28T00:00:00.000Z",
"dateUpdated": "2025-06-04T15:08:32.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0025 (GCVE-0-2022-0025)
Vulnerability from nvd – Published: 2022-05-11 16:30 – Updated: 2024-09-17 02:42
Title
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Summary
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.
Severity
6.7 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0025 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.7, < 7.7.1.62043 without CU-500 (custom) |
Credits
Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "7.7.1.62043",
"status": "unaffected"
}
],
"lessThan": "7.7.1.62043 without CU-500",
"status": "affected",
"version": "7.7",
"versionType": "custom"
}
]
},
{
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "7.7.* with CU-500"
},
{
"status": "unaffected",
"version": "7.6 all"
},
{
"status": "unaffected",
"version": "7.5 CE all"
},
{
"status": "unaffected",
"version": "7.4 all"
},
{
"status": "unaffected",
"version": "7.5 all"
},
{
"status": "unaffected",
"version": "6.1 all"
},
{
"status": "unaffected",
"version": "5.0 all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
}
],
"datePublic": "2022-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:30:24",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
}
],
"source": {
"defect": [
"CPATR-16696"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-05-11T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
"ID": "CVE-2022-0025",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.7",
"version_value": "7.7.1.62043 without CU-500"
},
{
"version_affected": "!",
"version_name": "7.7",
"version_value": "7.7.* with CU-500"
},
{
"version_affected": "!",
"version_name": "7.6",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "7.5 CE",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "7.4",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "7.5",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "6.1",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "5.0",
"version_value": "all"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.7",
"version_value": "7.7.1.62043"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0025",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0025"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
}
],
"source": {
"defect": [
"CPATR-16696"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-05-11T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 7.7",
"Cortex XDR Agent"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0025",
"datePublished": "2022-05-11T16:30:24.228159Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-17T02:42:23.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}