Improper File Signature Check Could Bypass Executable Blocking
CVE-2024-5912

Currently unrated

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xdr Agent
Vendor: CVE Published:; 10 July 2024

🔔 Create Palo Alto Networks Vulnerability Alert

What is CVE-2024-5912?

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.

Affected Version(s)

Cortex XDR Agent 7.9-CE < 7.9.102-CE

Cortex XDR Agent 8.2 < 8.2.2

Cortex XDR Agent 8.4

References

https://security.paloaltonetworks.com/CVE-2024-5912

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Jun 12, 2024

Credit

Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue.