cnvd - cnvd-2021-51426

CNVD-2021-51426

Vulnerability from cnvd - Published: 2021-07-16

Title

Palo Alto Networks Cortex XDR Agent存在未明漏洞

Description

Palo Alto Networks Cortex XDR Agent是马来西亚Palo Alto Networks公司的一个用于检测客户端设备安全性的客户端软件。 Palo Alto Networks Cortex XDR Agent 存在安全漏洞，该漏洞源于用户控制文件控制不当。经过身份验证的本地 Windows 用户利用该漏洞能够以系统权限执行程序。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Palo Alto Networks Cortex XDR Agent存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://security.paloaltonetworks.com/CVE-2021-3042

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-3042

Impacted products

Name
Palo Alto Networks Cortex XDR Agent

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-3042"
    }
  },
  "description": "Palo Alto Networks Cortex XDR Agent\u662f\u9a6c\u6765\u897f\u4e9aPalo Alto Networks\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u68c0\u6d4b\u5ba2\u6237\u7aef\u8bbe\u5907\u5b89\u5168\u6027\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\nPalo Alto Networks Cortex XDR Agent \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u63a7\u5236\u6587\u4ef6\u63a7\u5236\u4e0d\u5f53\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u672c\u5730 Windows \u7528\u6237\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u7a0b\u5e8f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://security.paloaltonetworks.com/CVE-2021-3042",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-51426",
  "openTime": "2021-07-16",
  "patchDescription": "Palo Alto Networks Cortex XDR Agent\u662f\u9a6c\u6765\u897f\u4e9aPalo Alto Networks\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u68c0\u6d4b\u5ba2\u6237\u7aef\u8bbe\u5907\u5b89\u5168\u6027\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\nPalo Alto Networks Cortex XDR Agent \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u63a7\u5236\u6587\u4ef6\u63a7\u5236\u4e0d\u5f53\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u672c\u5730 Windows \u7528\u6237\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u7a0b\u5e8f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Palo Alto Networks Cortex XDR Agent\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Palo Alto Networks Cortex XDR Agent"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3042",
  "serverity": "\u4e2d",
  "submitTime": "2021-07-15",
  "title": "Palo Alto Networks Cortex XDR Agent\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2021-3042 (GCVE-0-2021-3042)

Vulnerability from cvelistv5 – Published: 2021-07-15 16:45 – Updated: 2024-09-17 04:18

Summary

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2021-3042

x_refsource_MISC

Impacted products

Vendor

Product

Version

Palo Alto Networks

Cortex XDR Agent

Unaffected: 5.0 all

	Palo Alto Networks	Cortex XDR Agent	Affected: 6.1.* without content update 181 or later Unaffected: 6.1.* with content update 181 or later Affected: 7.2.* without content update 181 or later
	Palo Alto Networks	Cortex XDR Agent	Unaffected: 7.2.* with content update 181 or later Unaffected: 7.3.* with content update 181 or later Affected: 7.3.* without content update 181 or later

Credits

Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.0 all"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "6.1.* without content update 181 or later"
            },
            {
              "status": "unaffected",
              "version": "6.1.* with content update 181 or later"
            },
            {
              "status": "affected",
              "version": "7.2.* without content update 181 or later"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.2.* with content update 181 or later"
            },
            {
              "status": "unaffected",
              "version": "7.3.* with content update 181 or later"
            },
            {
              "status": "affected",
              "version": "7.3.* without content update 181 or later"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
        }
      ],
      "datePublic": "2021-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-15T16:45:12",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 6.1, Cortex XDR agent 7.2, Cortex XDR agent 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13407",
          "CPATR-11790",
          "CPATR-11572"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-07-14T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\)."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
          "ID": "CVE-2021-3042",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "5.0",
                            "version_value": "all"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "6.1",
                            "version_value": "6.1.* without content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "6.1.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.2",
                            "version_value": "7.2.* without content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.2",
                            "version_value": "7.2.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.3",
                            "version_value": "7.3.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.3",
                            "version_value": "7.3.* without content update 181 or later"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3042",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 6.1, Cortex XDR agent 7.2, Cortex XDR agent 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13407",
            "CPATR-11790",
            "CPATR-11572"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-07-14T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\)."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3042",
    "datePublished": "2021-07-15T16:45:12.285628Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-17T04:18:46.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-51426

CVE-2021-3042 (GCVE-0-2021-3042)

Tags

Sightings

Nomenclature