Palo Alto Networks Security Advisories / CVE-2024-5907

CVE-2024-5907 Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability

Urgency MODERATE

047910
Severity 5.2 · MEDIUM
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity HIGH
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality NONE
Product Integrity LOW
Product Availability NONE
Privileges Required LOW
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH

Description

A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Product Status

VersionsAffectedUnaffected
Cortex XDR Agent 8.4NoneAll
Cortex XDR Agent 8.3< 8.3.1 on Windows>= 8.3.1 on Windows
Cortex XDR Agent 8.2< 8.2.3 on Windows>= 8.2.3 on Windows
Cortex XDR Agent 8.1AllNone
Cortex XDR Agent 7.9-CE< 7.9.102-CE on Windows>= 7.9.102-CE on Windows

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-B: 5.2 (CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-269 Improper Privilege Management

Solution

This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.

Acknowledgments

Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.

Timeline

Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.