Palo Alto Cortex XDR Agent vulnerabilities

32 known vulnerabilities affecting paloalto/cortex_xdr_agent.

Total CVEs: 32
CISA KEV: 3 (actively exploited)
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 5, HIGH 10, MEDIUM 16, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2022-0014 | HIGH | CVSS 7.3 | 2022-01-12
CWE-426. Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Term
paloalto
CVE-2022-0015 | HIGH | CVSS 7.8 | 2022-01-12
CWE-427. Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. Affected products: Cortex XDR Agent. Solution: This issue is fixed
paloalto
CVE-2022-0013 | MEDIUM | CVSS 5.5 | 2022-01-12
CWE-538. Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. Affected products: Cortex XDR Agent. Solution: This issue is
paloalto
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | 2021-12-10
CWE-94. Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832
Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to i
paloalto
CVE-2021-3042 | HIGH | CVSS 7.8 | 2021-07-14
CWE-427. Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creati
paloalto
CVE-2021-3041 | HIGH | CVSS 7.8 | 2021-06-09
CWE-427. Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Wind
paloalto
CVE-2020-2049 | HIGH | CVSS 7.8 | 2020-12-09
CWE-427. Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory.
paloalto
CVE-2020-2020 | MEDIUM | CVSS 5.5 | 2020-12-09
CWE-755. Cortex XDR Agent: Exceptional condition denial-of-service (DoS)
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or m
paloalto
CVE-2026-0232 | MEDIUM | CVSS 4.0
CWE-15. Cortex XDR Agent: Local Administrator can disable the agent on Windows
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection. Affected products: Cortex XDR Agent. Solution: To fully remediate this vulnerability,
paloalto
CVE-2025-0121 | MEDIUM | CVSS 6.8
CWE-476. Cortex XDR Agent: Local Windows User Can Crash the Agent
A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it. Affected products: Cortex XDR Agent. Solution: This issue is fi
paloalto
CVE-2025-0112 | MEDIUM | CVSS 6.8
CWE-754. Cortex XDR Agent: Local Windows User Can Disable the Agent
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity. Affected products: Cortex XDR Agent. Solution: Th
paloalto
CVE-2026-0230 | MEDIUM | CVSS 4.0
CWE-754. Cortex XDR Agent: Local Administrator can disable the agent on macOS
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection. Affected products: Cortex XDR Agent. Solution: This issue is fixed in Cortex XDR Agent 8.9.0, Cort
paloalto