cvelistv5 - cve-2021-3042

CVE-2021-3042 (GCVE-0-2021-3042)

Vulnerability from cvelistv5 – Published: 2021-07-15 16:45 – Updated: 2024-09-17 04:18

Summary

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2021-3042

x_refsource_MISC

Impacted products

Vendor

Product

Version

Palo Alto Networks

Cortex XDR Agent

Unaffected: 5.0 all

	Palo Alto Networks	Cortex XDR Agent	Affected: 6.1.* without content update 181 or later Unaffected: 6.1.* with content update 181 or later Affected: 7.2.* without content update 181 or later
	Palo Alto Networks	Cortex XDR Agent	Unaffected: 7.2.* with content update 181 or later Unaffected: 7.3.* with content update 181 or later Affected: 7.3.* without content update 181 or later

Credits

Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.0 all"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "6.1.* without content update 181 or later"
            },
            {
              "status": "unaffected",
              "version": "6.1.* with content update 181 or later"
            },
            {
              "status": "affected",
              "version": "7.2.* without content update 181 or later"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.2.* with content update 181 or later"
            },
            {
              "status": "unaffected",
              "version": "7.3.* with content update 181 or later"
            },
            {
              "status": "affected",
              "version": "7.3.* without content update 181 or later"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
        }
      ],
      "datePublic": "2021-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-15T16:45:12",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 6.1, Cortex XDR agent 7.2, Cortex XDR agent 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13407",
          "CPATR-11790",
          "CPATR-11572"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-07-14T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\)."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
          "ID": "CVE-2021-3042",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "5.0",
                            "version_value": "all"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "6.1",
                            "version_value": "6.1.* without content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "6.1.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.2",
                            "version_value": "7.2.* without content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.2",
                            "version_value": "7.2.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.3",
                            "version_value": "7.3.* with content update 181 or later"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.3",
                            "version_value": "7.3.* without content update 181 or later"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3042",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 6.1, Cortex XDR agent 7.2, Cortex XDR agent 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13407",
            "CPATR-11790",
            "CPATR-11572"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-07-14T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\)."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3042",
    "datePublished": "2021-07-15T16:45:12.285628Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-17T04:18:46.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:6.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"8535E8E2-188C-460B-86A8-F463854F5DFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"4952CB88-7B75-41D9-9387-7B5DD2DF0FEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update149:*:*:*:*:*:*\", \"matchCriteriaId\": \"38C8BB0C-FC56-4006-9B75-8E7652723A92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update150:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DA4AB8A-30E4-43FE-9C68-84BB59B4473E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B43721E6-6944-4B88-A4CE-4A0917B02CDA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de escalada de privilegios (PE) local en  Palo Alto Networks Cortex XDR agent en plataformas Windows, que permite a un usuario local de Windows autenticado ejecutar programas con privilegios SYSTEM. Explotando esta vulnerabilidad requiere a un usuario tener privilegios de creaci\\u00f3n de archivos en el directorio root de Windows (como C:\\\\). Este problema afecta a: Todas las versiones del agente Cortex XDR 6.1 sin la actualizaci\\u00f3n de contenido 181 o una versi\\u00f3n posterior; Todas las versiones del agente Cortex XDR 7.2 sin la actualizaci\\u00f3n de contenido 181 o una versi\\u00f3n posterior; Todas las versiones del agente Cortex XDR 7.3 sin la actualizaci\\u00f3n de contenido 181 o una versi\\u00f3n posterior. Unas versiones del agente Cortex XDR 5.0 no se ven afectadas por este problema. Las actualizaciones de contenido son requeridas para resolver este problema y se aplican autom\\u00e1ticamente para el agente\"}]",
      "id": "CVE-2021-3042",
      "lastModified": "2024-11-21T06:20:49.573",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-07-15T17:15:08.717",
      "references": "[{\"url\": \"https://security.paloaltonetworks.com/CVE-2021-3042\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2021-3042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@paloaltonetworks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-3042\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2021-07-15T17:15:08.717\",\"lastModified\":\"2024-11-21T06:20:49.573\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de escalada de privilegios (PE) local en  Palo Alto Networks Cortex XDR agent en plataformas Windows, que permite a un usuario local de Windows autenticado ejecutar programas con privilegios SYSTEM. Explotando esta vulnerabilidad requiere a un usuario tener privilegios de creaci\u00f3n de archivos en el directorio root de Windows (como C:\\\\). Este problema afecta a: Todas las versiones del agente Cortex XDR 6.1 sin la actualizaci\u00f3n de contenido 181 o una versi\u00f3n posterior; Todas las versiones del agente Cortex XDR 7.2 sin la actualizaci\u00f3n de contenido 181 o una versi\u00f3n posterior; Todas las versiones del agente Cortex XDR 7.3 sin la actualizaci\u00f3n de contenido 181 o una versi\u00f3n posterior. Unas versiones del agente Cortex XDR 5.0 no se ven afectadas por este problema. Las actualizaciones de contenido son requeridas para resolver este problema y se aplican autom\u00e1ticamente para el agente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:6.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8535E8E2-188C-460B-86A8-F463854F5DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4952CB88-7B75-41D9-9387-7B5DD2DF0FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update149:*:*:*:*:*:*\",\"matchCriteriaId\":\"38C8BB0C-FC56-4006-9B75-8E7652723A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update150:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DA4AB8A-30E4-43FE-9C68-84BB59B4473E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43721E6-6944-4B88-A4CE-4A0917B02CDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3042\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-532

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Cloud Compute	Prisma Cloud Compute versions 20.12 antérieures à 20.12.552
Palo Alto Networks	Prisma Cloud Compute	Prisma Cloud Compute versions 21.04 antérieures à 21.04.439
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 7.3 sans le correctif 181
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 7.2 sans le correctif 181
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 6.1 sans le correctif 181

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2021-3043 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2021-3042 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2021-3042 du 14 juillet 2021	-	other
Bulletin de sécurité Palo Alto Networks CVE-2021-3043 du 14 juillet 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Cloud Compute versions 20.12 ant\u00e9rieures \u00e0 20.12.552",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Cloud Compute versions 21.04 ant\u00e9rieures \u00e0 21.04.439",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.3 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.2 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 6.1 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-3042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3042"
    },
    {
      "name": "CVE-2021-3043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3043"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3042 du 14 juillet 2021",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3043 du 14 juillet 2021",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3043"
    }
  ],
  "reference": "CERTFR-2021-AVI-532",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3043 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3042 du 14 juillet 2021",
      "url": null
    }
  ]
}

CERTFR-2021-AVI-532

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	Prisma Cloud Compute	Prisma Cloud Compute versions 20.12 antérieures à 20.12.552
Palo Alto Networks	Prisma Cloud Compute	Prisma Cloud Compute versions 21.04 antérieures à 21.04.439
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 7.3 sans le correctif 181
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 7.2 sans le correctif 181
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 6.1 sans le correctif 181

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2021-3043 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2021-3042 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2021-3042 du 14 juillet 2021	-	other
Bulletin de sécurité Palo Alto Networks CVE-2021-3043 du 14 juillet 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Cloud Compute versions 20.12 ant\u00e9rieures \u00e0 20.12.552",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Cloud Compute versions 21.04 ant\u00e9rieures \u00e0 21.04.439",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.3 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.2 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 6.1 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-3042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3042"
    },
    {
      "name": "CVE-2021-3043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3043"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3042 du 14 juillet 2021",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3043 du 14 juillet 2021",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3043"
    }
  ],
  "reference": "CERTFR-2021-AVI-532",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3043 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3042 du 14 juillet 2021",
      "url": null
    }
  ]
}

CNVD-2021-51426

Vulnerability from cnvd - Published: 2021-07-16

Title

Palo Alto Networks Cortex XDR Agent存在未明漏洞

Description

Palo Alto Networks Cortex XDR Agent是马来西亚Palo Alto Networks公司的一个用于检测客户端设备安全性的客户端软件。 Palo Alto Networks Cortex XDR Agent 存在安全漏洞，该漏洞源于用户控制文件控制不当。经过身份验证的本地 Windows 用户利用该漏洞能够以系统权限执行程序。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Palo Alto Networks Cortex XDR Agent存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://security.paloaltonetworks.com/CVE-2021-3042

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-3042

Impacted products

Name
Palo Alto Networks Cortex XDR Agent

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-3042"
    }
  },
  "description": "Palo Alto Networks Cortex XDR Agent\u662f\u9a6c\u6765\u897f\u4e9aPalo Alto Networks\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u68c0\u6d4b\u5ba2\u6237\u7aef\u8bbe\u5907\u5b89\u5168\u6027\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\nPalo Alto Networks Cortex XDR Agent \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u63a7\u5236\u6587\u4ef6\u63a7\u5236\u4e0d\u5f53\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u672c\u5730 Windows \u7528\u6237\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u7a0b\u5e8f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://security.paloaltonetworks.com/CVE-2021-3042",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-51426",
  "openTime": "2021-07-16",
  "patchDescription": "Palo Alto Networks Cortex XDR Agent\u662f\u9a6c\u6765\u897f\u4e9aPalo Alto Networks\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u68c0\u6d4b\u5ba2\u6237\u7aef\u8bbe\u5907\u5b89\u5168\u6027\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\nPalo Alto Networks Cortex XDR Agent \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u63a7\u5236\u6587\u4ef6\u63a7\u5236\u4e0d\u5f53\u3002\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u672c\u5730 Windows \u7528\u6237\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u7a0b\u5e8f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Palo Alto Networks Cortex XDR Agent\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Palo Alto Networks Cortex XDR Agent"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-3042",
  "serverity": "\u4e2d",
  "submitTime": "2021-07-15",
  "title": "Palo Alto Networks Cortex XDR Agent\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

FKIE_CVE-2021-3042

Vulnerability from fkie_nvd - Published: 2021-07-15 17:15 - Updated: 2024-11-21 06:20

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2021-3042	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2021-3042	Vendor Advisory

Impacted products

Vendor	Product	Version
paloaltonetworks	cortex_xdr_agent	6.1
paloaltonetworks	cortex_xdr_agent	7.2
paloaltonetworks	cortex_xdr_agent	7.2
paloaltonetworks	cortex_xdr_agent	7.2
paloaltonetworks	cortex_xdr_agent	7.3
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:6.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "8535E8E2-188C-460B-86A8-F463854F5DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "4952CB88-7B75-41D9-9387-7B5DD2DF0FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update149:*:*:*:*:*:*",
              "matchCriteriaId": "38C8BB0C-FC56-4006-9B75-8E7652723A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update150:*:*:*:*:*:*",
              "matchCriteriaId": "0DA4AB8A-30E4-43FE-9C68-84BB59B4473E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "B43721E6-6944-4B88-A4CE-4A0917B02CDA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de escalada de privilegios (PE) local en  Palo Alto Networks Cortex XDR agent en plataformas Windows, que permite a un usuario local de Windows autenticado ejecutar programas con privilegios SYSTEM. Explotando esta vulnerabilidad requiere a un usuario tener privilegios de creaci\u00f3n de archivos en el directorio root de Windows (como C:\\). Este problema afecta a: Todas las versiones del agente Cortex XDR 6.1 sin la actualizaci\u00f3n de contenido 181 o una versi\u00f3n posterior; Todas las versiones del agente Cortex XDR 7.2 sin la actualizaci\u00f3n de contenido 181 o una versi\u00f3n posterior; Todas las versiones del agente Cortex XDR 7.3 sin la actualizaci\u00f3n de contenido 181 o una versi\u00f3n posterior. Unas versiones del agente Cortex XDR 5.0 no se ven afectadas por este problema. Las actualizaciones de contenido son requeridas para resolver este problema y se aplican autom\u00e1ticamente para el agente"
    }
  ],
  "id": "CVE-2021-3042",
  "lastModified": "2024-11-21T06:20:49.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-07-15T17:15:08.717",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6CMH-XRJ8-PMC5

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08

Details

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-15T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.",
  "id": "GHSA-6cmh-xrj8-pmc5",
  "modified": "2022-05-24T19:08:10Z",
  "published": "2022-05-24T19:08:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3042"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-3042

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-3042

Aliases

CVE-2021-3042

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-3042",
    "description": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.",
    "id": "GSD-2021-3042"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-3042"
      ],
      "details": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.",
      "id": "GSD-2021-3042",
      "modified": "2023-12-13T01:23:34.184921Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
        "ID": "CVE-2021-3042",
        "STATE": "PUBLIC",
        "TITLE": "Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cortex XDR Agent",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "!",
                          "version_name": "5.0",
                          "version_value": "all"
                        },
                        {
                          "platform": "Windows ",
                          "version_affected": "=",
                          "version_name": "6.1",
                          "version_value": "6.1.* without content update 181 or later"
                        },
                        {
                          "platform": "Windows ",
                          "version_affected": "!",
                          "version_name": "6.1",
                          "version_value": "6.1.* with content update 181 or later"
                        },
                        {
                          "platform": "Windows ",
                          "version_affected": "=",
                          "version_name": "7.2",
                          "version_value": "7.2.* without content update 181 or later"
                        },
                        {
                          "platform": "Windows",
                          "version_affected": "!",
                          "version_name": "7.2",
                          "version_value": "7.2.* with content update 181 or later"
                        },
                        {
                          "platform": "Windows",
                          "version_affected": "!",
                          "version_name": "7.3",
                          "version_value": "7.3.* with content update 181 or later"
                        },
                        {
                          "platform": "Windows",
                          "version_affected": "=",
                          "version_name": "7.3",
                          "version_value": "7.3.* without content update 181 or later"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-427 Uncontrolled Search Path Element"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2021-3042",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is fixed in Cortex XDR agent 6.1, Cortex XDR agent 7.2, Cortex XDR agent 7.3, and all later Cortex XDR agent versions with content update 181 or later content updates.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13407",
          "CPATR-11790",
          "CPATR-11572"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "eng",
          "time": "2021-07-14T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "work_around": [
        {
          "lang": "eng",
          "value": "This issue is mitigated by preventing local authenticated Windows users from creating files in the Windows root directory (such as C:\\)."
        }
      ],
      "x_advisoryEoL": false,
      "x_affectedList": [
        "Cortex XDR Agent 7.3",
        "Cortex XDR Agent 7.2",
        "Cortex XDR Agent 6.1"
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:6.1:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update149:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.2:content_update150:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.3:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "ID": "CVE-2021-3042"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3042",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-27T14:56Z",
      "publishedDate": "2021-07-15T17:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-3042 (GCVE-0-2021-3042)

CERTFR-2021-AVI-532

Solution

CERTFR-2021-AVI-532

Solution

CNVD-2021-51426

FKIE_CVE-2021-3042

GHSA-6CMH-XRJ8-PMC5

GSD-2021-3042

Tags

Sightings

Nomenclature