Cortex XDR Agent: Local Windows User Can Disable the Agent

CVE-2024-9469

5.5MEDIUM

Key Information

Status
Cortex Xdr Agent
Vendor
CVE Published:
9 October 2024

Badges

👾 Exploit Exists

Summary

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

Affected Version(s)

Cortex XDR Agent < 7.9.102-CE

Cortex XDR Agent < 8.3.1

Cortex XDR Agent >= 8.3-CE

Refferences

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

Orange Cyberdefense Switzerland's Research Team
.