Palo Alto Cortex XDR Agent vulnerabilities

32 known vulnerabilities affecting paloalto/cortex_xdr_agent.

Total CVEs: 32
CISA KEV: 3 (actively exploited)
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 5, HIGH 10, MEDIUM 16, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2024-9469 | MEDIUM | CVSS 5.7 | 2024-10-09
CVE-2024-9469 [MEDIUM] CWE-754 Cortex XDR Agent: Local Windows User Can Disable the Agent. A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. Affected products: Cortex XDR Agent. Solution: This issue i
paloalto
CVE-2024-47076 | HIGH | CVSS 8.6 | 2024-09-26
CVE-2024-47076 [HIGH] CWE-78 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products. The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products. Based on current information, Palo Alto Networks products and cloud services do not contain affecte
paloalto
CVE-2024-8690 | MEDIUM | CVSS 5.6 | 2024-09-11
CVE-2024-8690 [MEDIUM] CWE-440 Cortex XDR Agent: Local Windows Administrator Can Disable the Agent. A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. Affected products: Cortex XDR Agent. Solution:
paloalto
CVE-2024-5535 | CRITICAL | CVSS 9.1 | 2024-08-22
CVE-2024-5535 [CRITICAL] Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119. The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-5535 and CVE-2024-6119 as they relate to our products. PAN-OS, Cloud NGFW, Prisma Access, and Cortex XDR Agent are not affected by CVE-2024-5535 or CVE-2024-6119. At present, no other Palo Alto Networks products ar
paloalto
CVE-2024-5912 | MEDIUM | CVSS 6.8 | 2024-07-10
CVE-2024-5912 [MEDIUM] CWE-347 Cortex XDR Agent: Improper File Signature Verification Checks. An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked. Affected products: Cortex XDR Agent. Solution
paloalto
CVE-2024-5907 | MEDIUM | CVSS 5.2 | 2024-06-12
CVE-2024-5907 [MEDIUM] CWE-269 Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability. A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. Affected products: Cortex
paloalto
CVE-2024-5909 | MEDIUM | CVSS 6.8 | 2024-06-12
CVE-2024-5909 [MEDIUM] CWE-269 Cortex XDR Agent: Local Windows User Can Disable the Agent. A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. Affected products: Cortex XDR Agent. Solution: This issue is fixed in Cor
paloalto
CVE-2024-5905 | LOW | CVSS 2.0 | 2024-06-12
CVE-2024-5905 [LOW] CWE-346 Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent. A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability. Affected products: Cortex XD
paloalto
CVE-2024-3094 | CRITICAL | CVSS 10.0 | PoC | 2024-04-01
CVE-2024-3094 [CRITICAL] CWE-506 Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094). The Palo Alto Networks Product Security Assurance team has evaluated the supply chain compromise impacting versions 5.6.0 and 5.6.1 of XZ tools and libraries. These versions of the software may allow unauthorized access to affected systems. Based on the information presently known, Palo Alto Networks
paloalto
CVE-2023-38545 | CRITICAL | CVSS 9.8 | 2023-10-12
CVE-2023-38545 [CRITICAL] CWE-120 Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546). The Palo Alto Networks Product Security Assurance team has evaluated the curl and libcurl vulnerabilities (CVE-2023-38545, CVE-2023-38546) that were disclosed on October 11, 2023 as they relate to our products. At this time, there are no demonstrated scenarios that enable successful exploitation of these vulner
paloalto
CVE-2023-44487 | HIGH | CVSS 7.5 | KEV | PoC | 2023-10-11
CVE-2023-44487 [HIGH] CWE-400 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945). The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service (DoS) vulnerabilities in the HTTP/2 protocol including Rapid Reset (CVE-2023-44487) and CVE-2023-35945. If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-servic
paloalto
CVE-2023-3280 | MEDIUM | CVSS 5.5 | 2023-09-13
CVE-2023-3280 [MEDIUM] CWE-755 Cortex XDR Agent: Local Windows User Can Disable the Agent. A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. Affected products: Cortex XDR Agent. Solution: This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions on Windows when the
paloalto
CVE-2023-0002 | HIGH | CVSS 7.8 | 2023-02-08
CVE-2023-0002 [HIGH] CWE-693 Cortex XDR Agent: Product Disruption by Local Windows User. A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. Affected products: Cortex XDR Agent. Solution: This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Co
paloalto
CVE-2023-0001 | MEDIUM | CVSS 6.7 | 2023-02-08
CVE-2023-0001 [MEDIUM] CWE-319 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password. An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. Affected products: Cortex XDR Agent. Solution
paloalto
CVE-2022-0029 | MEDIUM | CVSS 5.5 | 2022-09-14
CVE-2022-0029 [MEDIUM] CWE-59 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File. An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file. Affected products: Cortex XDR Agent. Solution: This issue is fix
paloalto
CVE-2022-0025 | MEDIUM | CVSS 6.7 | 2022-05-11
CVE-2022-0025 [MEDIUM] CWE-427 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability. A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program w
paloalto
CVE-2022-0026 | MEDIUM | CVSS 6.7 | 2022-05-11
CVE-2022-0026 [MEDIUM] CWE-282 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability. A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated p
paloalto
CVE-2022-22963 | CRITICAL | CVSS 9.8 | KEV | PoC | 2022-03-31
CVE-2022-22963 [CRITICAL] CWE-497 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965. The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and
paloalto
CVE-2022-0778 | HIGH | CVSS 7.5 | 2022-03-31
CVE-2022-0778 [HIGH] CWE-834 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778. The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSL infinite loop vulnerability (CVE-2022-0778) as it relates to our products. This vulnerability causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can result in a Denial-of-Service (DoS) to the application. An attacker d
paloalto
CVE-2022-0012 | HIGH | CVSS 7.1 | 2022-01-12
CVE-2022-0012 [HIGH] CWE-59 Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability. An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. Affected products: Cortex XDR Agent. Solution: This issue is fixed in Cortex XDR ag
paloalto