CVE-2021-3042 Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation

🗓️ 15 Jul 2021 16:45:12Reported by palo_altoType

Improper control of user-controlled file in Palo Alto Networks Cortex XDR Agent leads to local privilege escalatio

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2021-3042	15 Jul 202120:27	–	circl
CNNVD	Palo Alto Networks Cortex XDR Agent 代码问题漏洞	15 Jul 202100:00	–	cnnvd
CNVD	Palo Alto Networks Cortex XDR Agent Has Unspecified Vulnerability	15 Jul 202100:00	–	cnvd
CVE	CVE-2021-3042	15 Jul 202116:45	–	cve
EUVD	EUVD-2021-26394	7 Oct 202500:30	–	euvd
NVD	CVE-2021-3042	15 Jul 202117:15	–	nvd
OSV	CVE-2021-3042	15 Jul 202117:15	–	osv
Palo Alto Networks	Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation	14 Jul 202116:00	–	paloalto
Prion	Privilege escalation	15 Jul 202117:15	–	prion

[
  {
    "product": "Cortex XDR Agent",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.0 all"
      }
    ]
  },
  {
    "platforms": [
      "Windows"
    ],
    "product": "Cortex XDR Agent",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.* without content update 181 or later"
      },
      {
        "status": "unaffected",
        "version": "6.1.* with content update 181 or later"
      },
      {
        "status": "affected",
        "version": "7.2.* without content update 181 or later"
      }
    ]
  },
  {
    "platforms": [
      "Windows"
    ],
    "product": "Cortex XDR Agent",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.2.* with content update 181 or later"
      },
      {
        "status": "unaffected",
        "version": "7.3.* with content update 181 or later"
      },
      {
        "status": "affected",
        "version": "7.3.* without content update 181 or later"
      }
    ]
  }
]

Source	Link
security	www.security.paloaltonetworks.com/CVE-2021-3042

15 Jul 2021 16:45Current

8High risk

Vulners AI Score8

CVSS 3.17.8

EPSS0.00248

CWE-427