Palo Alto Networks Security Advisories / CVE-2024-5912

CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks

047910
Severity 6.8 · MEDIUM
Urgency MODERATE
Response Effort MODERATE
Recovery USER
Value Density CONCENTRATED
Attack Vector LOCAL
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality NONE
Product Integrity HIGH
Product Availability NONE
Privileges Required LOW
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE

Description

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.

Product Status

VersionsAffectedUnaffected
Cortex XDR Agent 8.5NoneAll
Cortex XDR Agent 8.4NoneAll
Cortex XDR Agent 8.3-CENoneAll
Cortex XDR Agent 8.3NoneAll
Cortex XDR Agent 8.2< 8.2.2>= 8.2.2
Cortex XDR Agent 7.9-CE< 7.9.102-CE>= 7.9.102-CE

Severity: MEDIUM

CVSSv4.0 Base Score: 6.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-347 Improper Verification of Cryptographic Signature

Solution

This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.

Acknowledgments

Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue.

Timeline

Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.