Cortex XDR Agent: Local Windows User Can Disable the Agent

CVE-2024-9469

5.5MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Cortex Xdr Agent
Vendor: CVE Published:; 9 October 2024

Badges

👾 Exploit Exists

Summary

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

Affected Version(s)

Cortex XDR Agent < 7.9.102-CE

Cortex XDR Agent < 8.3.1

Cortex XDR Agent >= 8.3-CE

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Oct 10, 2024
Initial publication
Oct 9, 2024
Vulnerability published.
Oct 9, 2024

Collectors

NVD DatabaseMitre Database

Credit

Orange Cyberdefense Switzerland's Research Team