Palo Alto Networks Cortex XDR Agent Vulnerability Allows Malware Disablement
CVE-2024-8690
Key Information:
- Vendor: Palo Alto Networks
- CVE Published: 11 September 2024
What is CVE-2024-8690?
CVE-2024-8690 is a vulnerability in the Palo Alto Networks Cortex XDR agent, a product designed to enhance endpoint security by providing advanced detection and response capabilities. The vulnerability allows users with Windows administrator privileges to disable the Cortex XDR agent, potentially undermining its ability to monitor and protect the system. If leveraged by malicious actors, the flaw can enable malware to deactivate the agent, leaving the system vulnerable to further exploitation and harmful activities.
Technical Details
The vulnerability resides within the detection mechanism of the Cortex XDR agent installed on Windows devices. By exploiting this issue, an attacker with sufficient privileges can disable the agent that is integral to detecting and responding to threats on the network. This security weakness indicates a significant oversight in the design of the agent's authentication and defense protocols, creating a pathway for malicious software to operate more freely on affected systems.
Potential Impact of CVE-2024-8690
- Increased Risk of Malware Infection: Because malware can disable a core security agent, a compromised system is significantly more likely to suffer data breaches and further infiltration, with attackers able to operate without detection.
- System Compromise and Data Breach: Organizations affected by this vulnerability may face serious consequences such as unauthorized access to sensitive information, leading to potential data breaches. This could result in severe financial penalties and damage to reputation.
- Erosion of Trust in Security Solutions: Frequent vulnerabilities in widely used security products can diminish trust in their effectiveness, prompting organizations to reconsider their security posture and potentially explore alternative solutions, which could further disrupt their security ecosystems.
Affected Version(s)
Cortex XDR Agent 7.9.102-CE
Cortex XDR Agent 8.5
Cortex XDR Agent 8.4