CVE-2021-3041 — Uncontrolled Search Path Element in Palo Alto Networks Cortex XDR Agent

CWE-427 — Uncontrolled Search Path Element4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 89.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedJun 10

Latest updateMay 24

Description

A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XD…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent5.0 — 5.0.11+2

▶CVEListV5palo_alto_networks/cortex_xdr_agent5.0 — 5.0.11+2

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

GHSA

GHSA-gvxw-2m7p-wc8h: A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local↗2022-05-24

▶

CVEList

Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation↗2021-06-10

▶

📋Vendor Advisories

Palo Alto

Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation↗2021-06-09

▶