Multiple vulnerabilities in Palo Alto Networks Cortex XDR agent

1) Improper privilege management

EUVDB-ID: #VU94359

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-5909

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to improper privilege management. A local user can disable the agent.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cortex XDR Agent for Windows: before 8.2.1

CPE2.3

External links

http://security.paloaltonetworks.com/CVE-2024-5909

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Origin validation error

EUVDB-ID: #VU94362

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-5905

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to missing origin validation within the protection mechanism. A local user can disrupt some functionality of the agent.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cortex XDR Agent for Windows: before 8.2.1

CPE2.3

External links

http://security.paloaltonetworks.com/CVE-2024-5905

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.