CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification Checks
Response Effort
MODERATE
Recovery
USER
Value Density
CONCENTRATED
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Automatable
NO
User Interaction
NONE
Product Confidentiality
NONE
Product Integrity
HIGH
Product Availability
NONE
Privileges Required
LOW
Subsequent Confidentiality
NONE
Subsequent Integrity
NONE
Subsequent Availability
NONE
Description
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Cortex XDR Agent 8.5 | None | All |
| Cortex XDR Agent 8.4 | None | All |
| Cortex XDR Agent 8.3-CE | None | All |
| Cortex XDR Agent 8.3 | None | All |
| Cortex XDR Agent 8.2 | < 8.2.2 | >= 8.2.2 |
| Cortex XDR Agent 7.9-CE | < 7.9.102-CE | >= 7.9.102-CE |
Severity: MEDIUM
CVSSv4.0 Base Score: 6.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-347 Improper Verification of Cryptographic Signature
Solution
This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.
Acknowledgments
Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue.
Timeline
Initial publication