Palo Alto Networks Cortex XDR Agent vulnerabilities

19 known vulnerabilities affecting paloaltonetworks/cortex_xdr_agent.

Total CVEs: 19
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 11, LOW 1

Vulnerabilities

CVE-2024-9469 | MEDIUM | CVSS 5.7 | ≥ 7.9, < 7.9.102; v8.3.0; +1 more | 2024-10-09
CWE-754: A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
nvd
CVE-2024-8690 | MEDIUM | CVSS 5.6 | v7.9.102 | 2024-09-11
CWE-440: A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
nvd
CVE-2024-5909 | MEDIUM | CVSS 6.8 | ≥ 7.9, < 7.9.102; ≥ 8.1, < 8.1.2; +1 more | 2024-06-12
CWE-269: A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
nvd
CVE-2024-5907 | MEDIUM | CVSS 5.2 | ≥ 7.9, < 7.9.102; ≥ 8.1, < 8.2.3; +1 more | 2024-06-12
CWE-269: A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
nvd
CVE-2024-5905 | LOW | CVSS 2.0 | ≥ 7.9.0, < 7.9.102; ≥ 8.1, < 8.1.2; +1 more | 2024-06-12
CWE-346: A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
nvd
CVE-2023-3280 | MEDIUM | CVSS 5.5 | ≥ 5.0, ≤ 5.0.12.22203; ≥ 7.9.0, < 7.9.3; +3 more | 2023-09-13
CWE-755: A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
nvd
CVE-2023-0002 | HIGH | CVSS 7.8 | ≥ 5.0, < 5.0.12.22203; ≥ 7.5, ≤ 7.5.101 | 2023-02-08
CWE-693: A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
nvd
CVE-2023-0001 | MEDIUM | CVSS 6.7 | ≥ 7.5, < 7.5.101 | 2023-02-08
CWE-319: An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
nvd
CVE-2022-0029 | MEDIUM | CVSS 5.5 | ≥ 5.0, < 5.0.12; ≥ 7.5, < 7.5.101; +1 more | 2022-09-14
CWE-59: An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
nvd
CVE-2022-0025 | MEDIUM | CVSS 6.7 | ≥ 7.7.0, < 7.7.1.62043 | 2022-05-11
CWE-427: A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cor
nvd
CVE-2022-0026 | MEDIUM | CVSS 6.7 | v6.1; v6.1.4; +17 more | 2022-05-11
CWE-282: A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330
nvd
CVE-2022-0015 | HIGH | CVSS 7.8 | ≥ 5.0, < 5.0.12; ≥ 6.1, < 6.1.9 | 2022-01-12
CWE-427: A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.
nvd
CVE-2022-0012 | HIGH | CVSS 7.1 | ≥ 5.0, < 5.0.12; ≥ 6.1, < 6.1.9; +2 more | 2022-01-12
CWE-59: An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Corte
nvd
CVE-2022-0014 | HIGH | CVSS 7.3 | ≥ 5.0, < 5.0.12; ≥ 6.1, < 6.1.9; +2 more | 2022-01-12
CWE-426: An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR
nvd
CVE-2022-0013 | MEDIUM | CVSS 5.5 | ≥ 5.0, < 5.0.12; ≥ 6.1, < 6.1.9; +2 more | 2022-01-12
CWE-538: A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions ea
nvd
CVE-2021-3042 | HIGH | CVSS 7.8 | v6.1; v7.2; +1 more | 2021-07-15
CWE-427: A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts
nvd
CVE-2021-3041 | HIGH | CVSS 7.8 | ≥ 5.0, < 5.0.11; ≥ 6.1, < 6.1.8; +1 more | 2021-06-10
CWE-427: A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts:
nvd
CVE-2020-2049 | HIGH | CVSS 7.8 | ≥ 7.1.1, ≤ 7.1.3; ≥ 7.2.1, ≤ 7.2.2; +2 more | 2020-12-09
CWE-427: A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 w
nvd
CVE-2020-2020 | MEDIUM | CVSS 5.5 | ≥ 5.0, < 5.0.10; ≥ 6.1, < 6.1.7; +2 more | 2020-12-09
CWE-755: An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is res
nvd