CVE-2024-5909 — Improper Privilege Management in Palo Alto Networks Cortex XDR Agent

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.9%

top 24.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedJun 12

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent7.9 — 7.9.102+2

▶CVEListV5palo_alto_networks/cortex_xdr_agent8.2.0 — 8.2.1+2

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

CVEList

Cortex XDR Agent: Local Windows User Can Disable the Agent↗2024-06-12

▶

GHSA

GHSA-26v6-wwwv-j4cc: A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disa↗2024-06-12

▶

📋Vendor Advisories

Palo Alto

Cortex XDR Agent: Local Windows User Can Disable the Agent↗2024-06-12

▶