Lucene search

[email protected]CVE-2024-5909

HistoryJun 12, 2024 - 5:15 p.m.

CVE-2024-5909

2024-06-1217:15:53

CWE-269

[email protected]

web.nvd.nist.gov

cortex xdr agent

palo alto networks

windows devices

protection mechanism

vulnerability

malware

malicious activity

6.8 Medium

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N/AU:N/U:Amber/R:U/V:D/RE:M

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Cortex XDR Agent",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "8.4.0"
      },
      {
        "status": "unaffected",
        "version": "8.3.0"
      },
      {
        "changes": [
          {
            "at": "8.2.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.2.1",
        "status": "affected",
        "version": "8.2.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "8.1.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.2",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "7.9.102-CE",
            "status": "unaffected"
          }
        ],
        "lessThan": "7.9.102-CE",
        "status": "affected",
        "version": "7.9-CE",
        "versionType": "custom"
      }
    ]
  }
]

References

security.paloaltonetworks.com/CVE-2024-5909