{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5909", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-06-12T15:27:55.683Z", "datePublished": "2024-06-12T16:29:23.822Z", "dateUpdated": "2024-08-01T21:25:03.192Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "8.4.0"}, {"status": "unaffected", "version": "8.3.0"}, {"changes": [{"at": "8.2.1", "status": "unaffected"}], "lessThan": "8.2.1", "status": "affected", "version": "8.2.0", "versionType": "custom"}, {"changes": [{"at": "8.1.2", "status": "unaffected"}], "lessThan": "8.1.2", "status": "affected", "version": "8.1.0", "versionType": "custom"}, {"changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "lessThan": "7.9.102-CE", "status": "affected", "version": "7.9-CE", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "datePublic": "2024-06-12T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.</p>"}], "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:29:23.822Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5909"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.</p>"}], "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent", "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "x_legacyV4Record": {"CNA_private": {"Priority": "normal", "STATE": "review", "TYPE": "advisory", "affectedKeywords": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0", "Cortex XDR Agent"], "affectsSummary": {"affected": ["None", "None", "< 8.2.1 on Windows", "< 8.1.2 on Windows", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", "All", ">= 8.2.1 on Windows", ">= 8.1.2 on Windows", ">= 7.9.102-CE on Windows"], "unknown": ["", "", "", "", ""]}, "owner": "abaishya", "publish": {"month": "06", "year": "2024", "ym": "2024-06"}, "share_with_CVE": true, "show_cvss": true}, "CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z", "ID": "CVE-2023-case-CPATR-21826", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"version_affected": "=", "version_name": "8.3", "version_value": "None"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.2", "version_value": "8.2.1"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.2", "version_value": "8.2.1"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.1", "version_value": "8.1.2"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.2"}, {"platform": "Windows", "version_affected": "<", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"version_affected": "!", "version_name": "8.3", "version_value": "All"}, {"version_affected": "=", "version_name": "8.4", "version_value": "None"}, {"version_affected": "!", "version_name": "8.4", "version_value": "All"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "vulnogram 0.1.0-rc1"}, "impact": {"cvss": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."}], "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:51:54.433806Z", "id": "CVE-2024-5909", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:52:05.711Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.192Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2024-5909"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5909", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.192Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5909", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T19:51:54.433806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:52:01.575Z"}}], "cna": {"title": "Cortex XDR Agent: Local Windows User Can Disable the Agent", "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.8, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "unaffected", "version": "8.4.0"}, {"status": "unaffected", "version": "8.3.0"}, {"status": "affected", "changes": [{"at": "8.2.1", "status": "unaffected"}], "version": "8.2.0", "lessThan": "8.2.1", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.1.2", "status": "unaffected"}], "version": "8.1.0", "lessThan": "8.1.2", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "version": "7.9-CE", "lessThan": "7.9.102-CE", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.</p>", "base64": false}]}], "datePublic": "2024-06-12T07:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5909", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "descriptions": [{"lang": "en", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.", "supportingMedia": [{"type": "text/html", "value": "<p>A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:29:23.822Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."}], "impact": {"cvss": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.8, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}}, "source": {"defect": ["CPATR-21835", "CPATR-21826"], "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "8.3", "version_value": "None", "version_affected": "="}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.1", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.1", "version_affected": "!>="}, {"platform": "Windows", "version_name": "8.1", "version_value": "8.1.2", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.1", "version_value": "8.1.2", "version_affected": "!>="}, {"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "<"}, {"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "!>="}, {"version_name": "8.3", "version_value": "All", "version_affected": "!"}, {"version_name": "8.4", "version_value": "None", "version_affected": "="}, {"version_name": "8.4", "version_value": "All", "version_affected": "!"}]}, "product_name": "Cortex XDR Agent"}]}, "vendor_name": "Palo Alto Networks"}]}}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."}], "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "data_type": "CVE", "generator": {"engine": "vulnogram 0.1.0-rc1"}, "references": {"reference_data": [{"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826", "refsource": "CONFIRM"}]}, "CNA_private": {"TYPE": "advisory", "STATE": "review", "owner": "abaishya", "publish": {"ym": "2024-06", "year": "2024", "month": "06"}, "Priority": "normal", "show_cvss": true, "affectsSummary": {"unknown": ["", "", "", "", ""], "affected": ["None", "None", "< 8.2.1 on Windows", "< 8.1.2 on Windows", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", "All", ">= 8.2.1 on Windows", ">= 8.1.2 on Windows", ">= 7.9.102-CE on Windows"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"]}, "share_with_CVE": true, "affectedKeywords": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0", "Cortex XDR Agent"]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-case-CPATR-21826", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent", "ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z"}, "x_advisoryEoL": false, "x_affectedList": ["Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.5-CE", "Cortex XDR Agent 5.0"]}}}, "cveMetadata": {"cveId": "CVE-2024-5909", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.192Z", "dateReserved": "2024-06-12T15:27:55.683Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-06-12T16:29:23.822Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:windows:*:*", "matchCriteriaId": "76F416A4-2527-4B52-BBED-FF648B8209B0", "versionEndExcluding": "7.9.102", "versionStartIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "8E20EA13-B11E-4578-8DB1-AEBC51EAD4E1", "versionEndExcluding": "8.1.2", "versionStartIncluding": "8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "E60C3C3C-01B8-4A72-B4B6-89BB374BBBB9", "versionEndExcluding": "8.2.1", "versionStartIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}, {"lang": "es", "value": "Un problema con un mecanismo de protecci\u00f3n en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite que un usuario local de Windows con pocos privilegios deshabilite el agente. Este problema puede ser aprovechado por malware para desactivar el agente Cortex XDR y luego realizar actividades maliciosas."}], "id": "CVE-2024-5909", "lastModified": "2024-11-21T09:48:33.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-06-12T17:15:53.370", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5909"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}