History: Jun 12, 2024 - 5:15 p.m.

CVE-2024-5909

2024-06-12 17:15:53
CWE-269
palo_alto
web.nvd.nist.gov
cortex xdr agent
palo alto networks
windows devices
protection mechanism
vulnerability
malware
malicious activity

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS4: 6.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N/AU:N/U:Amber/R:U/V:D/RE:M

AI Score: 6.3
Confidence: Low

EPSS: 0
Percentile: 9.0%

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

Affected configurations

Nvd
Vulners
Node
paloaltonetworks  cortex_xdr_agent  Range 7.9 - 7.9.102  critical_environment  windows
OR
paloaltonetworks  cortex_xdr_agent  Range 8.1 - 8.1.2  windows
OR
paloaltonetworks  cortex_xdr_agent  Range 8.2 - 8.2.1  windows

Vendor            Product           Version  CPE
paloaltonetworks  cortex_xdr_agent  *        cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:windows:*:*
paloaltonetworks  cortex_xdr_agent  *        cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Cortex XDR Agent",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "8.4.0"
      },
      {
        "status": "unaffected",
        "version": "8.3.0"
      },
      {
        "changes": [
          {
            "at": "8.2.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.2.1",
        "status": "affected",
        "version": "8.2.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "8.1.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.2",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "7.9.102-CE",
            "status": "unaffected"
          }
        ],
        "lessThan": "7.9.102-CE",
        "status": "affected",
        "version": "7.9-CE",
        "versionType": "custom"
      }
    ]
  }
]
