cve-2024-5909
Vulnerability from cvelistv5
Published
2024-06-12 16:29
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
Cortex XDR Agent: Local Windows User Can Disable the Agent
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:51:54.433806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:52:05.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.4.0"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
}
],
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-578",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-578 Disable Security Software"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:29:23.822Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectedKeywords": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0",
"Cortex XDR Agent"
],
"affectsSummary": {
"affected": [
"None",
"None",
"\u003c 8.2.1 on Windows",
"\u003c 8.1.2 on Windows",
"\u003c 7.9.102-CE on Windows"
],
"appliesTo": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"product_versions": [
"Cortex XDR Agent 8.4",
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE"
],
"unaffected": [
"All",
"All",
"\u003e= 8.2.1 on Windows",
"\u003e= 8.1.2 on Windows",
"\u003e= 7.9.102-CE on Windows"
],
"unknown": [
"",
"",
"",
"",
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CPATR-21826",
"STATE": "PUBLIC",
"TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "8.3",
"version_value": "None"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.2",
"version_value": "8.2.1"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.2"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "7.9-CE",
"version_value": "7.9.102-CE"
},
{
"version_affected": "!",
"version_name": "8.3",
"version_value": "All"
},
{
"version_affected": "=",
"version_name": "8.4",
"version_value": "None"
},
{
"version_affected": "!",
"version_name": "8.4",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XDR Agent 8.3",
"Cortex XDR Agent 8.2",
"Cortex XDR Agent 8.1",
"Cortex XDR Agent 7.9-CE",
"Cortex XDR Agent 7.5-CE",
"Cortex XDR Agent 5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5909",
"datePublished": "2024-06-12T16:29:23.822Z",
"dateReserved": "2024-06-12T15:27:55.683Z",
"dateUpdated": "2024-08-01T21:25:03.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5909\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2024-06-12T17:15:53.370\",\"lastModified\":\"2024-11-21T09:48:33.737\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\"},{\"lang\":\"es\",\"value\":\"Un problema con un mecanismo de protecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario local de Windows con pocos privilegios deshabilite el agente. Este problema puede ser aprovechado por malware para desactivar el agente Cortex XDR y luego realizar actividades maliciosas.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NO\",\"recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:windows:*:*\",\"versionStartIncluding\":\"7.9\",\"versionEndExcluding\":\"7.9.102\",\"matchCriteriaId\":\"76F416A4-2527-4B52-BBED-FF648B8209B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"8.1\",\"versionEndExcluding\":\"8.1.2\",\"matchCriteriaId\":\"8E20EA13-B11E-4578-8DB1-AEBC51EAD4E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"8.2\",\"versionEndExcluding\":\"8.2.1\",\"matchCriteriaId\":\"E60C3C3C-01B8-4A72-B4B6-89BB374BBBB9\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2024-5909\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2024-5909\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.