OpenCVE

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Cortex Xdr Agent

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:::::critical_environment:windows::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::windows::*
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::windows::*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2024-5909

History

Wed, 07 Aug 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Paloaltonetworks Paloaltonetworks cortex Xdr Agent
CPEs		cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::windows::* cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:::::critical_environment:windows::
Vendors & Products		Paloaltonetworks Paloaltonetworks cortex Xdr Agent
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-06-12T16:29:23.822Z

Updated: 2024-08-01T21:25:03.192Z

Reserved: 2024-06-12T15:27:55.683Z

Link: CVE-2024-5909

Vulnrichment

Updated: 2024-08-01T21:25:03.192Z

NVD

Status : Analyzed

Published: 2024-06-12T17:15:53.370

Modified: 2024-08-07T16:53:10.633

Link: CVE-2024-5909

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5909", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-06-12T15:27:55.683Z", "datePublished": "2024-06-12T16:29:23.822Z", "dateUpdated": "2024-08-01T21:25:03.192Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "8.4.0"}, {"status": "unaffected", "version": "8.3.0"}, {"changes": [{"at": "8.2.1", "status": "unaffected"}], "lessThan": "8.2.1", "status": "affected", "version": "8.2.0", "versionType": "custom"}, {"changes": [{"at": "8.1.2", "status": "unaffected"}], "lessThan": "8.1.2", "status": "affected", "version": "8.1.0", "versionType": "custom"}, {"changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "lessThan": "7.9.102-CE", "status": "affected", "version": "7.9-CE", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "datePublic": "2024-06-12T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.</p>"}], "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:29:23.822Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5909"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.</p>"}], "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent", "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "x_legacyV4Record": {"CNA_private": {"Priority": "normal", "STATE": "review", "TYPE": "advisory", "affectedKeywords": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0", "Cortex XDR Agent"], "affectsSummary": {"affected": ["None", "None", "< 8.2.1 on Windows", "< 8.1.2 on Windows", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", "All", ">= 8.2.1 on Windows", ">= 8.1.2 on Windows", ">= 7.9.102-CE on Windows"], "unknown": ["", "", "", "", ""]}, "owner": "abaishya", "publish": {"month": "06", "year": "2024", "ym": "2024-06"}, "share_with_CVE": true, "show_cvss": true}, "CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z", "ID": "CVE-2023-case-CPATR-21826", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"version_affected": "=", "version_name": "8.3", "version_value": "None"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.2", "version_value": "8.2.1"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.2", "version_value": "8.2.1"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.1", "version_value": "8.1.2"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.2"}, {"platform": "Windows", "version_affected": "<", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"version_affected": "!", "version_name": "8.3", "version_value": "All"}, {"version_affected": "=", "version_name": "8.4", "version_value": "None"}, {"version_affected": "!", "version_name": "8.4", "version_value": "All"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "vulnogram 0.1.0-rc1"}, "impact": {"cvss": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:51:54.433806Z", "id": "CVE-2024-5909", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:52:05.711Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.192Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2024-5909"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5909", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.192Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5909", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T19:51:54.433806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:52:01.575Z"}}], "cna": {"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent", "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.8, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "unaffected", "version": "8.4.0"}, {"status": "unaffected", "version": "8.3.0"}, {"status": "affected", "changes": [{"at": "8.2.1", "status": "unaffected"}], "version": "8.2.0", "lessThan": "8.2.1", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.1.2", "status": "unaffected"}], "version": "8.1.0", "lessThan": "8.1.2", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "version": "7.9-CE", "lessThan": "7.9.102-CE", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.</p>", "base64": false}]}], "datePublic": "2024-06-12T07:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5909", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "descriptions": [{"lang": "en", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.", "supportingMedia": [{"type": "text/html", "value": "<p>A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:29:23.822Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "impact": {"cvss": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.8, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}}, "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "8.3", "version_value": "None", "version_affected": "="}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.1", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.1", "version_affected": "!>="}, {"platform": "Windows", "version_name": "8.1", "version_value": "8.1.2", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.1", "version_value": "8.1.2", "version_affected": "!>="}, {"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "<"}, {"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "!>="}, {"version_name": "8.3", "version_value": "All", "version_affected": "!"}, {"version_name": "8.4", "version_value": "None", "version_affected": "="}, {"version_name": "8.4", "version_value": "All", "version_affected": "!"}]}, "product_name": "Cortex XDR Agent"}]}, "vendor_name": "Palo Alto Networks"}]}}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."}], "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "data_type": "CVE", "generator": {"engine": "vulnogram 0.1.0-rc1"}, "references": {"reference_data": [{"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826", "refsource": "CONFIRM"}]}, "CNA_private": {"TYPE": "advisory", "STATE": "review", "owner": "abaishya", "publish": {"ym": "2024-06", "year": "2024", "month": "06"}, "Priority": "normal", "show_cvss": true, "affectsSummary": {"unknown": ["", "", "", "", ""], "affected": ["None", "None", "< 8.2.1 on Windows", "< 8.1.2 on Windows", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", "All", ">= 8.2.1 on Windows", ">= 8.1.2 on Windows", ">= 7.9.102-CE on Windows"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"]}, "share_with_CVE": true, "affectedKeywords": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0", "Cortex XDR Agent"]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-case-CPATR-21826", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent", "ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z"}, "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0"]}}}, "cveMetadata": {"cveId": "CVE-2024-5909", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.192Z", "dateReserved": "2024-06-12T15:27:55.683Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-06-12T16:29:23.822Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:windows:*:*", "matchCriteriaId": "76F416A4-2527-4B52-BBED-FF648B8209B0", "versionEndExcluding": "7.9.102", "versionStartIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "8E20EA13-B11E-4578-8DB1-AEBC51EAD4E1", "versionEndExcluding": "8.1.2", "versionStartIncluding": "8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "E60C3C3C-01B8-4A72-B4B6-89BB374BBBB9", "versionEndExcluding": "8.2.1", "versionStartIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}, {"lang": "es", "value": "Un problema con un mecanismo de protecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario local de Windows con pocos privilegios deshabilite el agente. Este problema puede ser aprovechado por malware para desactivar el agente Cortex XDR y luego realizar actividades maliciosas."}], "id": "CVE-2024-5909", "lastModified": "2024-08-07T16:53:10.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-06-12T17:15:53.370", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5909"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}