CVE-2021-3042 — Uncontrolled Search Path Element in Palo Alto Networks Cortex XDR Agent

CWE-427 — Uncontrolled Search Path Element4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 89.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedJul 15

Latest updateMay 24

Description

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent6.1, 7.2, 7.3+2

▶CVEListV5palo_alto_networks/cortex_xdr_agent6.1.* without content update 181 or later, 7.2.* without content update 181 or later, 7.3.* without content update 181 or later+2

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

GHSA

GHSA-6cmh-xrj8-pmc5: A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated l↗2022-05-24

▶

CVEList

Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation↗2021-07-15

▶

📋Vendor Advisories

Palo Alto

Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation↗2021-07-14

▶