35 vulnerabilities found for Cortex XDR Agent by Palo Alto Networks

CERTFR-2025-AVI-0782

Vulnerability from certfr_avis - Published: 2025-09-11 - Updated: 2025-09-11

Multiple vulnerabilities have been discovered in Palo Alto Networks products. They allow an attacker to cause a breach of data confidentiality and a security issue not specified by the vendor.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Microsoft 365 Defender Pack versions 4.6.x prior to 4.6.5 for Windows |
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions prior to 139.12.4.128 |
| Palo Alto Networks | N/A | User-ID Credential Agent versions greater than or equal to 11.0.2-133 and prior to 11.0.3 for Windows |


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XDR Microsoft 365 Defender Pack versions 4.6.x ant\u00e9rieures \u00e0 4.6.5 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 139.12.4.128",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "User-ID Credential Agent versions post\u00e9rieures ou \u00e9gales \u00e0 11.0.2-133 et ant\u00e9rieures \u00e0 11.0.3 pour Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-8581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8581"
    },
    {
      "name": "CVE-2025-4235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4235"
    },
    {
      "name": "CVE-2025-4234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4234"
    },
    {
      "name": "CVE-2025-8577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8577"
    },
    {
      "name": "CVE-2025-8582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8582"
    },
    {
      "name": "CVE-2025-8578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8578"
    },
    {
      "name": "CVE-2025-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8580"
    },
    {
      "name": "CVE-2025-8579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8579"
    },
    {
      "name": "CVE-2025-8583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8583"
    },
    {
      "name": "CVE-2025-8576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8576"
    }
  ],
  "initial_release_date": "2025-09-11T00:00:00",
  "last_revision_date": "2025-09-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0782",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4235",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4235"
    },
    {
      "published_at": "2025-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-4234",
      "url": "https://security.paloaltonetworks.com/CVE-2025-4234"
    },
    {
      "published_at": "2025-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0015",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0015"
    }
  ]
}

CERTFR-2025-AVI-0301

Vulnerability from certfr_avis - Published: 2025-04-10 - Updated: 2025-04-10

Multiple vulnerabilities have been discovered in Palo Alto Networks products. Some of them allow an attacker to cause arbitrary code execution, privilege escalation, and a remote denial of service.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.2.x and 6.3.x prior to 6.3.4 |
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.5.x prior to 6.5.1 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3-CE.x prior to 8.3.101-CE HF for Windows |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.x prior to 11.2.6 |
| Palo Alto Networks | Prisma Access | Prisma Access versions 10.2.4.x prior to 10.2.4-h36 |
| Palo Alto Networks | Cloud NGFW | Cloud NGFW without the latest security patches |
| Palo Alto Networks | Prisma Access | Prisma Access versions 11.2.x prior to 11.2.4-h5 |
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.x prior to 6.2.8 for Windows |
| Palo Alto Networks | Cortex XDR Broker | Cortex XDR Broker VM versions prior to 26.100.3 |
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.3.x prior to 6.3.3 for Windows |
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.4.x prior to 6.4.2 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.6.x prior to 8.6.1 for Windows |
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions prior to 132.83.3017.1 |
| Palo Alto Networks | Prisma SD-WAN | Prisma SD-WAN versions 6.1.x prior to 6.1.10 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.5.x prior to 8.5.2 for Windows |
| Palo Alto Networks | Prisma Access | Prisma Access versions 10.2.10.x prior to 10.2.10-h16 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9-CE.x prior to 7.9.103-CE HF for Windows |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.x prior to 10.1.14-h13 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.x prior to 11.1.8 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.x prior to 11.0.6 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.x prior to 10.2.15 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma SD-WAN versions 6.2.x et 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3-CE.x ant\u00e9rieures \u00e0 8.3.101-CE HF pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 10.2.4.x ant\u00e9rieures \u00e0 10.2.4-h36",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud NGFW sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Cloud NGFW",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 11.2.x ant\u00e9rieures \u00e0 11.2.4-h5",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.x ant\u00e9rieures \u00e0 6.2.8 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.100.3",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 pour Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.6.x ant\u00e9rieures \u00e0 8.6.1 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 132.83.3017.1",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma SD-WAN versions 6.1.x ant\u00e9rieures \u00e0 6.1.10",
      "product": {
        "name": "Prisma SD-WAN",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.2 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions 10.2.10.x ant\u00e9rieures \u00e0 10.2.10-h16",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.9-CE.x ant\u00e9rieures \u00e0 7.9.103-CE HF pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.14-h13",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.15",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0124"
    },
    {
      "name": "CVE-2025-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2783"
    },
    {
      "name": "CVE-2025-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2136"
    },
    {
      "name": "CVE-2025-0120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0120"
    },
    {
      "name": "CVE-2025-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0128"
    },
    {
      "name": "CVE-2025-1920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1920"
    },
    {
      "name": "CVE-2025-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0126"
    },
    {
      "name": "CVE-2025-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0129"
    },
    {
      "name": "CVE-2025-2135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2135"
    },
    {
      "name": "CVE-2025-2137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2137"
    },
    {
      "name": "CVE-2025-0121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0121"
    },
    {
      "name": "CVE-2025-0127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0127"
    },
    {
      "name": "CVE-2025-0123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0123"
    },
    {
      "name": "CVE-2025-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0125"
    },
    {
      "name": "CVE-2025-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0122"
    },
    {
      "name": "CVE-2025-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0119"
    },
    {
      "name": "CVE-2025-2476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2476"
    }
  ],
  "initial_release_date": "2025-04-10T00:00:00",
  "last_revision_date": "2025-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0301",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0122",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0122"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0120",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0120"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0128",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0128"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0008",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0008"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0125",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0125"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0127",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0127"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0123",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0123"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0119",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0119"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0124",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0124"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0126",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0126"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0121",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0121"
    }
  ]
}

CERTFR-2025-AVI-0128

Vulnerability from certfr_avis - Published: 2025-02-13 - Updated: 2025-02-13

Multiple vulnerabilities have been discovered in Palo Alto Networks products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and a breach of data integrity.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

The vendor states that Cortex XDR Agent versions 8.4.x and earlier are no longer maintained. An update to at least version 8.5.1 is required. In addition, updating Cortex XDR Broker VM to version 25.105.6 does not protect against exploitation of vulnerability CVE-2025-0113, which is fixed in version 26.0.116.

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.5.x prior to 8.5.1 for Windows |
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions prior to 133.8.10.54 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.0 prior to 11.2.4-h4 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.0 prior to 11.1.6-h1 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.0 prior to 10.2.13-h3 |
| Palo Alto Networks | Cortex XDR Broker | Cortex XDR Broker VM versions prior to 26.0.116 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3-CE prior to 8.3.101-CE for Windows |
| Palo Alto Networks | PAN-OS | PAN-OS OpenConfig Plugin versions prior to 2.1.2 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1.0 prior to 10.1.14-h9 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.4.x and earlier |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XDR Agent versions 8.5.x ant\u00e9rieures \u00e0 8.5.1 pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 133.8.10.54",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.0 ant\u00e9rieures \u00e0 11.2.4-h4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1.0 ant\u00e9rieures \u00e0 11.1.6-h1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.0 ant\u00e9rieures \u00e0 10.2.13-h3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.0.116",
      "product": {
        "name": "Cortex XDR Broker",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3-CE ant\u00e9rieures \u00e0 8.3.101-CE  pour Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS OpenConfig Plugin versions   ant\u00e9rieures \u00e0 2.1.2",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.0 ant\u00e9rieures \u00e0 10.1.14-h9",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.4.x et ant\u00e9rieures",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": " L\u0027\u00e9diteur indique que les versions 8.4.x et ant\u00e9rieures de Cortex XDR Agent ne sont plus maintenues. La mise \u00e0 jour vers la version 8.5.1 au minimum est n\u00e9cessaire. De plus la mise \u00e0 jour de Cortex XDR Broker VM en version 25.105.6 ne prot\u00e8ge pas de l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-0113 qui est corrig\u00e9e par la version 26.0.116.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0448"
    },
    {
      "name": "CVE-2025-0111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0111"
    },
    {
      "name": "CVE-2025-0440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0440"
    },
    {
      "name": "CVE-2025-0445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0445"
    },
    {
      "name": "CVE-2025-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0434"
    },
    {
      "name": "CVE-2025-0439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0439"
    },
    {
      "name": "CVE-2025-0612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0612"
    },
    {
      "name": "CVE-2025-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0291"
    },
    {
      "name": "CVE-2025-0451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0451"
    },
    {
      "name": "CVE-2025-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0611"
    },
    {
      "name": "CVE-2025-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0443"
    },
    {
      "name": "CVE-2025-0109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0109"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2025-0446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0446"
    },
    {
      "name": "CVE-2025-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0435"
    },
    {
      "name": "CVE-2025-0442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0442"
    },
    {
      "name": "CVE-2025-0441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0441"
    },
    {
      "name": "CVE-2025-0444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0444"
    },
    {
      "name": "CVE-2025-0108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0108"
    },
    {
      "name": "CVE-2025-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0762"
    },
    {
      "name": "CVE-2025-0112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0112"
    },
    {
      "name": "CVE-2025-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0438"
    },
    {
      "name": "CVE-2025-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0437"
    },
    {
      "name": "CVE-2025-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0436"
    },
    {
      "name": "CVE-2025-0447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0447"
    },
    {
      "name": "CVE-2025-0110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0110"
    },
    {
      "name": "CVE-2025-0113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0113"
    }
  ],
  "initial_release_date": "2025-02-13T00:00:00",
  "last_revision_date": "2025-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0128",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-1135",
      "url": "https://security.paloaltonetworks.com/CVE-2024-1135"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0109",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0109"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0110",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0110"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0108",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0108"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0113",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0113"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0004",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0004"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0112",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0112"
    },
    {
      "published_at": "2025-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0111",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0111"
    }
  ]
}

CERTFR-2024-AVI-0859

Vulnerability from certfr_avis - Published: 2024-10-10 - Updated: 2024-10-10

Multiple vulnerabilities have been discovered in Palo Alto Networks products. Some of them allow an attacker to cause privilege escalation, a remote denial of service, and a breach of data confidentiality.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Palo Alto Networks | Cortex XSOAR | Cortex XSOAR versions prior to 6.12.0 (Build 1271551) |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0 prior to 11.0.6 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.9-x prior to 10.2.9-h11 |
| Palo Alto Networks | Expedition | Expedition versions prior to 1.2.96 |
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions prior to 6.2.5 on Windows |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.10-x prior to 10.2.10-h4 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions prior to 7.9.102-CE on Windows |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.4-x prior to 11.0.4-h5 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.4.x prior to 8.4.1 on Windows |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2 prior to 10.2.11 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1 prior to 11.1.3 |
| Palo Alto Networks | Prisma Access | Prisma Access Browser versions prior to 129.101.2913.3 |
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.1 prior to 10.1.11 |
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3.x prior to 8.3.1 on Windows |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XSOAR versions ant\u00e9rieures \u00e0 6.12.0 (Build 1271551)",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.9-x ant\u00e9rieures \u00e0 10.2.9-h11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Expedition versions ant\u00e9rieures \u00e0 1.2.96",
      "product": {
        "name": "Expedition",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.2.5 sur Windows",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.10-x ant\u00e9rieures \u00e0 10.2.10-h4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.4-x ant\u00e9rieures \u00e0 11.0.4-h5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 129.101.2913.3",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9468"
    },
    {
      "name": "CVE-2024-8909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
    },
    {
      "name": "CVE-2024-9603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9603"
    },
    {
      "name": "CVE-2024-8905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
    },
    {
      "name": "CVE-2024-7025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7025"
    },
    {
      "name": "CVE-2024-8906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
    },
    {
      "name": "CVE-2024-9123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9123"
    },
    {
      "name": "CVE-2024-8907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
    },
    {
      "name": "CVE-2024-9469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9469"
    },
    {
      "name": "CVE-2024-9471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9471"
    },
    {
      "name": "CVE-2024-9370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9370"
    },
    {
      "name": "CVE-2024-9470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9470"
    },
    {
      "name": "CVE-2024-9463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"
    },
    {
      "name": "CVE-2024-9602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9602"
    },
    {
      "name": "CVE-2024-9467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9467"
    },
    {
      "name": "CVE-2024-9122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9122"
    },
    {
      "name": "CVE-2024-9464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9464"
    },
    {
      "name": "CVE-2024-9121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9121"
    },
    {
      "name": "CVE-2024-8904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
    },
    {
      "name": "CVE-2024-9369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9369"
    },
    {
      "name": "CVE-2024-9120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9120"
    },
    {
      "name": "CVE-2024-9465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"
    },
    {
      "name": "CVE-2024-9466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9466"
    },
    {
      "name": "CVE-2024-9473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9473"
    },
    {
      "name": "CVE-2024-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
    }
  ],
  "initial_release_date": "2024-10-10T00:00:00",
  "last_revision_date": "2024-10-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0859",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0010",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0011",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0011"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-23347",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9469"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks GPC-19493 et GPC-21211",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9473"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-244840",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9468"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-217511 et PAN-152631",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9471"
    },
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105114",
      "url": "https://security.paloaltonetworks.com/CVE-2024-9470"
    }
  ]
}

CERTFR-2024-AVI-0770

Vulnerability from certfr_avis - Published: 2024-09-12 - Updated: 2024-09-12

Multiple vulnerabilities have been discovered in Palo Alto Networks products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and a security policy bypass.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Palo Alto Networks PAN-OS PAN-OS versions 10.0.x prior to 10.0.12
Palo Alto Networks GlobalProtect App GlobalProtect App versions 5.1.x prior to 5.1.12
Palo Alto Networks PAN-OS PAN-OS versions 11.0.x prior to 11.0.1
Palo Alto Networks Prisma Access Prisma Access versions prior to 10.2.9 on PAN-OS
Palo Alto Networks PAN-OS PAN-OS versions 9.0.x prior to 9.0.17
Palo Alto Networks PAN-OS PAN-OS versions 11.2.x prior to 11.2.3
Palo Alto Networks ActiveMQ Content Pack ActiveMQ Content Pack versions 1.1.x prior to 1.1.15
Palo Alto Networks PAN-OS PAN-OS versions 10.1.x prior to 10.1.11
Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.2.x prior to 6.2.1
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent all versions prior to 8.2
Palo Alto Networks Prisma Access Browser Prisma Access Browser versions 128.x.x.x later than 128.91.2869.7 and prior to 128.138.2888.2
Palo Alto Networks PAN-OS PAN-OS versions 10.2.x prior to 10.2.4
Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.0.x prior to 6.0.7
Palo Alto Networks PAN-OS PAN-OS versions 8.1.x prior to 8.1.25
Palo Alto Networks GlobalProtect App GlobalProtect App versions 5.2.x prior to 5.2.13
Palo Alto Networks PAN-OS PAN-OS versions 9.1.x prior to 9.1.17
Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.1.x prior to 6.1.2

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions ant\u00e9rieures \u00e0 10.2.9 sur PAN-OS",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "ActiveMQ Content Pack versions 1.1.x ant\u00e9rieures \u00e0 1.1.15",
      "product": {
        "name": "ActiveMQ Content Pack",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent toutes versions ant\u00e9rieures \u00e0 8.2",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions 128.x.x.x post\u00e9rieures \u00e0 128.91.2869.7 et ant\u00e9rieures \u00e0 128.138.2888.2",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.25",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.13",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8193"
    },
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8691"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8636"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-8686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8686"
    },
    {
      "name": "CVE-2024-8638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8638"
    },
    {
      "name": "CVE-2024-8639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8639"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-8362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8362"
    },
    {
      "name": "CVE-2024-8687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8687"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-8637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8637"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-8689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8689"
    },
    {
      "name": "CVE-2024-8198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8198"
    },
    {
      "name": "CVE-2024-8688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8688"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7970"
    },
    {
      "name": "CVE-2024-8690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8690"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8194"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "initial_release_date": "2024-09-12T00:00:00",
  "last_revision_date": "2024-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0770",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-219031 et PAN-192893",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8691"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-204689 et GPC-16848",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8687"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-151792 et PAN-82874",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8688"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-20644",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8690"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105751",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8689"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0009",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0009"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-263321",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8686"
    }
  ]
}

CERTFR-2024-AVI-0567

Vulnerability from certfr_avis - Published: 2024-07-11 - Updated: 2024-07-11

Multiple vulnerabilities have been discovered in Palo Alto Networks products. Some of them allow an attacker to cause arbitrary code execution, privilege escalation and remote denial of service.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

The vendor indicates that the fix for vulnerability CVE-2024-3596 for Prisma Access should be available on 30 July 2024.

Impacted products
Vendor Product Description
Palo Alto Networks GlobalProtect App PAN-OS versions 11.1 prior to 11.1.4
Palo Alto Networks Expedition Expedition versions 1.2 prior to 1.2.92
Palo Alto Networks GlobalProtect App PAN-OS versions 10.1 prior to 10.1.9 on Panorama
Palo Alto Networks GlobalProtect App PAN-OS versions 10.2 prior to 10.2.4 on Panorama
Palo Alto Networks Expedition initSetup_v2.0 installation script for Expedition, versions prior to the date 20240605
Palo Alto Networks GlobalProtect App PAN-OS versions 10.2 prior to 10.2.10
Palo Alto Networks GlobalProtect App PAN-OS versions 9.1 prior to 9.1.19
Palo Alto Networks GlobalProtect App PAN-OS versions 11.0 prior to 11.0.5
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 8.2 prior to 8.2.2
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 7.9-CE prior to 7.9.102-CE
Palo Alto Networks GlobalProtect App PAN-OS versions 11.2 prior to 11.2.1
Palo Alto Networks GlobalProtect App PAN-OS versions 10.1 prior to 10.1.14-h2
Palo Alto Networks Prisma Access Prisma Access all versions

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 11.1 ant\u00e9rieures \u00e0 11.1.4",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Expedition versions 1.2 ant\u00e9rieures \u00e0 1.2.92",
      "product": {
        "name": "Expedition",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.9 sur Panorama",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.4 sur Panorama",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Script d\u0027installation initSetup_v2.0 pour Expedition versions ant\u00e9rieures \u00e0 la date 20240605",
      "product": {
        "name": "Expedition",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2 ant\u00e9rieures \u00e0 10.2.10",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1 ant\u00e9rieures \u00e0 9.1.19",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0 ant\u00e9rieures \u00e0 11.0.5",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.2 ant\u00e9rieures \u00e0 8.2.2",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.9-CE ant\u00e9rieures \u00e0 7.9.102-CE",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2 ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1 ant\u00e9rieures \u00e0 10.1.14-h2",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2024-3596 pour Prisma Access devrait \u00eatre disponible le 30 Juillet 2024.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-5911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5911"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-5913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5913"
    },
    {
      "name": "CVE-2024-5910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5910"
    },
    {
      "name": "CVE-2024-5912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5912"
    }
  ],
  "initial_release_date": "2024-07-11T00:00:00",
  "last_revision_date": "2024-07-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0567",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5910",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5910"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-247511",
      "url": "https://security.paloaltonetworks.com/CVE-2024-3596"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0006",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0006"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-22565",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5912"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5913",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5913"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-182835",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5911"
    }
  ]
}

CERTFR-2024-AVI-0491

Vulnerability from certfr_avis - Published: 2024-06-13 - Updated: 2024-06-13

Multiple vulnerabilities have been discovered in Palo Alto Networks products. Some of them allow an attacker to cause privilege escalation, a breach of data confidentiality and remote indirect code injection (XSS).

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.2.x prior to 6.2.3
Palo Alto Networks GlobalProtect App GlobalProtect App versions 5.1.x prior to 5.1.12
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 7.9.x.-CE prior to 7.9.102-CE on Windows
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 8.1.x to 8.2.x prior to 8.2.1 on Windows
Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.1.x prior to 6.1.3
Palo Alto Networks GlobalProtect App GlobalProtect App versions 6.0.x prior to 6.0.8
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 8.3.x prior to 8.3.1 on Windows
Palo Alto Networks Prisma Cloud Compute Prisma Cloud Compute versions 32.x prior to 32.05 (O’Neal - Update 5)

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.9.x.-CE ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.1.x \u00e0 8.2.x ant\u00e9rieures \u00e0 8.2.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.3",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.8",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Cloud Compute versions 32.x ant\u00e9rieures \u00e0 32.05 (O\u2019Neal - Update 5)",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5908"
    },
    {
      "name": "CVE-2024-5907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5907"
    },
    {
      "name": "CVE-2024-5905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5905"
    },
    {
      "name": "CVE-2024-5906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5906"
    },
    {
      "name": "CVE-2024-5909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5909"
    }
  ],
  "initial_release_date": "2024-06-13T00:00:00",
  "last_revision_date": "2024-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0491",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5906",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5906"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5908",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5908"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5907",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5905",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5905"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5909",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
    }
  ]
}

CERTFR-2023-AVI-0746

Vulnerability from certfr_avis - Published: 2023-09-14 - Updated: 2023-09-14

Multiple vulnerabilities have been discovered in Palo Alto Networks products. Some of them allow an attacker to cause a data integrity compromise and a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent for Windows 7.5-CE.x all versions
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent for Windows versions 7.9-CE.x prior to 7.9.101-CE
Palo Alto Networks PAN-OS PAN-OS versions 10.2.x prior to 11.0.3
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent for Windows versions 7.9.x prior to 7.9.3
Palo Alto Networks PAN-OS PAN-OS versions 10.1.x prior to 10.1.11
Palo Alto Networks PAN-OS PAN-OS versions 9.1.x prior to 9.1.16-HF
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent for Windows versions 8.0.x prior to 8.0.2
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent for Windows 5.0.x all versions
Palo Alto Networks PAN-OS PAN-OS versions 11.0.x prior to 11.0.3

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XDR Agent pour Windows 7.5-CE.x toutes versions",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent pour Windows versions 7.9-CE.x ant\u00e9rieures \u00e0 7.9.101-CE",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 11.0.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent pour Windows versions 7.9.x ant\u00e9rieures \u00e0 7.9.3",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.16-HF",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent pour Windows versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent pour Windows 5.0.x toutes versions",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-38802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
    },
    {
      "name": "CVE-2023-3280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3280"
    }
  ],
  "initial_release_date": "2023-09-14T00:00:00",
  "last_revision_date": "2023-09-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks\u00a0CVE-2023-38802 du 13 septembre 2023",
      "url": "https://security.paloaltonetworks.com/CVE-2023-38802"
    }
  ],
  "reference": "CERTFR-2023-AVI-0746",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Palo Alto Networks\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2023-3280 du 13 septembre 2023",
      "url": "https://security.paloaltonetworks.com/CVE-2023-3280"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2023-38802 du 13 septembre 2023",
      "url": null
    }
  ]
}

CERTFR-2023-AVI-0105

Vulnerability from certfr_avis - Published: 2023-02-09 - Updated: 2023-02-09

Multiple vulnerabilities have been fixed in PaloAlto. They allow an attacker to cause a data integrity compromise and a data confidentiality compromise.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Palo Alto Networks Cortex XDR Agent Cortex XDR agent versions 5.0.12.x prior to 5.0.12.22203 on Windows
Palo Alto Networks Cortex XSOAR Cortex XSOAR versions 6.6 prior to build number B186115
Palo Alto Networks Cortex XSOAR Cortex XSOAR versions 6.8 prior to build number B185719
Palo Alto Networks Cortex XSOAR Cortex XSOAR versions 6.10 prior to build number 185964
Palo Alto Networks Cortex XDR Agent Cortex XDR agent versions 7.5.x-CE prior to 7.5.101-CE on Windows
Palo Alto Networks Cortex XSOAR Cortex XSOAR versions 6.9 prior to build number B185415

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XDR agent versions 5.0.12.x ant\u00e9rieures \u00e0 5.0.12.22203 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR versions 6.6 ant\u00e9rieures au build num\u00e9ro B186115",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR versions 6.8 ant\u00e9rieures au build num\u00e9ro B185719",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR versions 6.10 ant\u00e9rieures au build num\u00e9ro 185964",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR agent versions 7.5.x-CE ant\u00e9rieures \u00e0 7.5.101-CE sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR versions 6.9 ant\u00e9rieures au build num\u00e9ro B185415",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0003"
    },
    {
      "name": "CVE-2023-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0001"
    },
    {
      "name": "CVE-2023-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0002"
    }
  ],
  "initial_release_date": "2023-02-09T00:00:00",
  "last_revision_date": "2023-02-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
      "url": "https://security.paloaltonetworks.com/CVE-2023-0003"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
      "url": "https://security.paloaltonetworks.com/CVE-2023-0001"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 PaloAlto du 08 f\u00e9vrier 2023",
      "url": "https://security.paloaltonetworks.com/CVE-2023-0002"
    }
  ],
  "reference": "CERTFR-2023-AVI-0105",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePaloAlto\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits PaloAlto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0003 du 08 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0001 du 08 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2023-0002 du 08 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

CERTFR-2022-AVI-824

Vulnerability from certfr_avis - Published: 2022-09-15 - Updated: 2022-09-15

A vulnerability has been discovered in PaloAlto Cortex XDR Agent. It allows an attacker to cause a data confidentiality compromise.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 7.7.x prior to 7.7.3 on Windows
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 5.0.x prior to 5.0.12-hotfix on Windows
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 7.5.x CE prior to 7.5.101-CE on Windows

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XDR Agent versions 7.7.x ant\u00e9rieures \u00e0 7.7.3 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 5.0.x ant\u00e9rieures \u00e0 5.0.12-hotfix sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.5.x CE ant\u00e9rieures \u00e0 7.5.101-CE sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0029"
    }
  ],
  "initial_release_date": "2022-09-15T00:00:00",
  "last_revision_date": "2022-09-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-824",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans PaloAlto Cortex XDR Agent. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans PaloAlto Cortex XDR Agent",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PaloAlto CVE-2022-0029 du 14 septembre 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
    }
  ]
}

CERTFR-2022-AVI-032

Vulnerability from certfr_avis - Published: 2022-01-13 - Updated: 2022-01-13

Multiple vulnerabilities have been discovered in Palo Alto Cortex XDR. Some of them allow an attacker to cause a denial of service, a data integrity compromise and a data confidentiality compromise.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent 5.0.x versions prior to 5.0.12
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent 7.2.x versions prior to 7.2.4
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent 6.1.x versions prior to 6.1.9
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent 7.3.x versions prior to 7.3.2

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cortex XDR Agent 5.0.x versions ant\u00e9rieures \u00e0 5.0.12",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent 6.1.x versions ant\u00e9rieures \u00e0 6.1.9",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent 7.3.x versions ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0013"
    },
    {
      "name": "CVE-2022-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0015"
    },
    {
      "name": "CVE-2022-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0014"
    },
    {
      "name": "CVE-2022-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0012"
    }
  ],
  "initial_release_date": "2022-01-13T00:00:00",
  "last_revision_date": "2022-01-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-032",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Palo Alto Cortex\nXDR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Palo Alto Cortex XDR",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0012 du 12 janvier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0012"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0015 du 12 janvier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0015"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0014 du 12 janvier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0014"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0013 du 12 janvier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0013"
    }
  ]
}

CERTFR-2021-AVI-532

Vulnerability from certfr_avis - Published: 2021-07-16 - Updated: 2021-07-16

Multiple vulnerabilities have been discovered in Palo Alto Networks products. They allow an attacker to cause a privilege escalation and a remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Palo Alto Networks Prisma Cloud Compute Prisma Cloud Compute versions 20.12 prior to 20.12.552
Palo Alto Networks Prisma Cloud Compute Prisma Cloud Compute versions 21.04 prior to 21.04.439
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 7.3 without patch 181
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 7.2 without patch 181
Palo Alto Networks Cortex XDR Agent Cortex XDR Agent versions 6.1 without patch 181

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prisma Cloud Compute versions 20.12 ant\u00e9rieures \u00e0 20.12.552",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Cloud Compute versions 21.04 ant\u00e9rieures \u00e0 21.04.439",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.3 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.2 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 6.1 sans le correctif 181",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-3042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3042"
    },
    {
      "name": "CVE-2021-3043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3043"
    }
  ],
  "initial_release_date": "2021-07-16T00:00:00",
  "last_revision_date": "2021-07-16T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3042 du 14 juillet 2021",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3042"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3043 du 14 juillet 2021",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3043"
    }
  ],
  "reference": "CERTFR-2021-AVI-532",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3043 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3042 du 14 juillet 2021",
      "url": null
    }
  ]
}

CVE-2025-0121 (GCVE-0-2025-0121)

Vulnerability from cvelistv5 – Published: 2025-04-11 01:45 – Updated: 2025-04-11 16:02
Title
Cortex XDR Agent: Local Windows User Can Crash the Agent
Summary
A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it.
CWE
  • CWE-476 - NULL Pointer Dereference
Impacted products
Vendor Product Version
Palo Alto Networks Cortex XDR Agent Unaffected: 8.7.0 , < 6.3.3 (custom)
Affected: 8.6.0 , < 8.6.1 (custom)
Affected: 8.5.0 , < 8.5.2 (custom)
Affected: 8.3-CE , < 8.3.101-CE HF (custom)
Affected: 7.9-CE , < 7.9.103-CE HF (custom)
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*
Credits
adcisseckilled

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T15:44:45.921667Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T16:02:36.119Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3",
              "status": "unaffected",
              "version": "8.7.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.6.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.6.1",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.5.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.5.2",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.3.101-CE HF",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.3.101-CE HF",
              "status": "affected",
              "version": "8.3-CE",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.103-CE HF",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.103-CE HF",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No special configuration is needed to be affected by this issue."
            }
          ],
          "value": "No special configuration is needed to be affected by this issue."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "adcisseckilled"
        }
      ],
      "datePublic": "2025-04-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."
            }
          ],
          "value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-11T01:45:54.148Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0121"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."
            }
          ],
          "value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-26258"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-09T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Crash the Agent",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_affectedList": [
        "Cortex XDR Agent 8.6.0",
        "Cortex XDR Agent 8.5.0",
        "Cortex XDR Agent 8.5.1",
        "Cortex XDR Agent 8.3-CE",
        "Cortex XDR Agent 7.9-CE",
        "Cortex XDR Agent 7.9.101-CE",
        "Cortex XDR Agent 7.9.102-CE"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0121",
    "datePublished": "2025-04-11T01:45:54.148Z",
    "dateReserved": "2024-12-20T23:23:22.401Z",
    "dateUpdated": "2025-04-11T16:02:36.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0112 (GCVE-0-2025-0112)

Vulnerability from cvelistv5 – Published: 2025-02-19 23:44 – Updated: 2025-02-20 17:23
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Version:
  • Affected: 8.3-CE, < 8.3.101-CE (custom)
  • Affected: 8.4.0 (custom)
  • Affected: 8.5.0, < 8.5.1 (custom)
  • Unaffected: 8.6.0 (custom)
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3:CE:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.*:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:*:*:*:*:*:*:*
Credits
Eldar Aharoni of Palo Alto Networks

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T17:22:51.908589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-20T17:23:01.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3:CE:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.*:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "8.3.101-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.3.101-CE",
              "status": "affected",
              "version": "8.3-CE",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.5.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.5.1",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "value": "No special configuration is required to be affected by this issue."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Eldar Aharoni of Palo Alto Networks"
        }
      ],
      "datePublic": "2025-02-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T23:44:33.652Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0112"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR agent 8.3.101-CE, Cortex XDR agent 8.5.1, Cortex XDR agent 8.6 and all later Cortex XDR agent versions."
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 8.3.101-CE, Cortex XDR agent 8.5.1, Cortex XDR agent 8.6 and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-25268"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-12T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds or mitigations for this issue."
            }
          ],
          "value": "There are no known workarounds or mitigations for this issue."
        }
      ],
      "x_affectedList": [
        "Cortex XDR Agent 8.3-CE",
        "Cortex XDR Agent 8.5.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0112",
    "datePublished": "2025-02-19T23:44:33.652Z",
    "dateReserved": "2024-12-20T23:23:14.201Z",
    "dateUpdated": "2025-02-20T17:23:01.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9469 (GCVE-0-2024-9469)

Vulnerability from cvelistv5 – Published: 2024-10-09 17:05 – Updated: 2024-10-18 11:55
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Version:
  • Affected: 7.9, < 7.9.102-CE (custom)
  • Affected: 8.3, < 8.3.1 (custom)
  • Unaffected: 8.3-CE
  • Affected: 8.4, < 8.4.1 (custom)
  • Unaffected: 8.5
  • Unaffected: 8.6
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*
Credits
Orange Cyberdefense Switzerland's Research Team

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T17:38:18.728169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T17:38:44.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.4.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.3.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "8.3",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3-CE"
            },
            {
              "changes": [
                {
                  "at": "8.4.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.4.1",
              "status": "affected",
              "version": "8.4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.5"
            },
            {
              "status": "unaffected",
              "version": "8.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Orange Cyberdefense Switzerland\u0027s Research Team"
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
            }
          ],
          "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-18T11:55:36.651Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-9469"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
            }
          ],
          "value": "This issue is fixed in Cortex XDR Agent 7.9.102-CE, Cortex XDR Agent 8.3.1, Cortex XDR Agent 8.4.1, and all later Cortex XDR Agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-23347"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-9469",
    "datePublished": "2024-10-09T17:05:55.091Z",
    "dateReserved": "2024-10-03T11:35:16.152Z",
    "dateUpdated": "2024-10-18T11:55:36.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8690 (GCVE-0-2024-8690)

Vulnerability from cvelistv5 – Published: 2024-09-11 16:42 – Updated: 2024-09-11 18:24
Title
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
Summary
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
CWE
  • CWE-440 - Expected Behavior Violation
Assigner
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Version:
  • Unaffected: 8.5
  • Unaffected: 8.4
  • Unaffected: 8.3
  • Unaffected: 8.3-CE
  • Unaffected: 8.2
  • Affected: 7.9.102-CE
Credits
Ayman Sagy of CyberCX

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:23:32.709813Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:24:05.107Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.5"
            },
            {
              "status": "unaffected",
              "version": "8.4"
            },
            {
              "status": "unaffected",
              "version": "8.3"
            },
            {
              "status": "unaffected",
              "version": "8.3-CE"
            },
            {
              "status": "unaffected",
              "version": "8.2"
            },
            {
              "status": "affected",
              "version": "7.9.102-CE"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ayman Sagy of CyberCX"
        }
      ],
      "datePublic": "2024-09-11T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
            }
          ],
          "value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-440",
              "description": "CWE-440: Expected Behavior Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T16:42:39.974Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-8690"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-20644"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-11T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows Administrator Can Disable the Agent",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-8690",
    "datePublished": "2024-09-11T16:42:39.974Z",
    "dateReserved": "2024-09-11T08:21:15.662Z",
    "dateUpdated": "2024-09-11T18:24:05.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5912 (GCVE-0-2024-5912)

Vulnerability from cvelistv5 – Published: 2024-07-10 18:40 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Improper File Signature Verification Checks
Summary
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Version:
  • Unaffected: 8.4 (custom)
  • Unaffected: 8.3-CE (custom)
  • Unaffected: 8.3 (custom)
  • Affected: 7.9-CE, < 7.9.102-CE (custom)
  • Affected: 8.2, < 8.2.2 (custom)
Credits
Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5912",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T14:37:27.359741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T14:37:33.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3-CE",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.2.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.2",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
            }
          ],
          "value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent\u0027s executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T18:40:16.240Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5912"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-22565"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-10T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper File Signature Verification Checks",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5912",
    "datePublished": "2024-07-10T18:40:16.240Z",
    "dateReserved": "2024-06-12T15:27:56.188Z",
    "dateUpdated": "2024-08-01T21:25:03.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5909 (GCVE-0-2024-5909)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:29 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
CWE
  • CWE-269 - Improper Privilege Management
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Version:
  • Unaffected: 8.4.0
  • Unaffected: 8.3.0
  • Affected: 8.2.0, < 8.2.1 (custom)
  • Affected: 8.1.0, < 8.1.2 (custom)
  • Affected: 7.9-CE, < 7.9.102-CE (custom)
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:51:54.433806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:52:05.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.4.0"
            },
            {
              "status": "unaffected",
              "version": "8.3.0"
            },
            {
              "changes": [
                {
                  "at": "8.2.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.1",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:29:23.822Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-21835",
          "CPATR-21826"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectedKeywords": [
            "Cortex XDR Agent 8.3",
            "Cortex XDR Agent 8.2",
            "Cortex XDR Agent 8.1",
            "Cortex XDR Agent 7.9-CE",
            "Cortex XDR Agent 7.5-CE",
            "Cortex XDR Agent 5.0",
            "Cortex XDR Agent"
          ],
          "affectsSummary": {
            "affected": [
              "None",
              "None",
              "\u003c 8.2.1 on Windows",
              "\u003c 8.1.2 on Windows",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "All",
              "\u003e= 8.2.1 on Windows",
              "\u003e= 8.1.2 on Windows",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-21826",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "8.3",
                            "version_value": "None"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.3",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-21835",
            "CPATR-21826"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 8.3",
          "Cortex XDR Agent 8.2",
          "Cortex XDR Agent 8.1",
          "Cortex XDR Agent 7.9-CE",
          "Cortex XDR Agent 7.5-CE",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5909",
    "datePublished": "2024-06-12T16:29:23.822Z",
    "dateReserved": "2024-06-12T15:27:55.683Z",
    "dateUpdated": "2024-08-01T21:25:03.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5907 (GCVE-0-2024-5907)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:26 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
Summary
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
CWE
  • CWE-269 - Improper Privilege Management
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Version:
  • Affected: 7.9-CE, < 7.9.102-CE (custom)
  • Affected: 8.1.0
  • Affected: 8.2.0, < 8.2.3 (custom)
  • Affected: 8.3.0, < 8.3.1 (custom)
  • Unaffected: 8.4.0
Credits
Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-08T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T03:56:05.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            },
            {
              "changes": [
                {
                  "at": "8.2.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.3",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.3.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland\u0027s Research Team for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.\u003c/p\u003e"
            }
          ],
          "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:26:39.742Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
        }
      ],
      "source": {
        "defect": [
          "CPATR-23348"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Current-Status": "Verify with Alain how they want to be acknowledged",
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectsSummary": {
            "affected": [
              "None",
              "\u003c 8.3.1 on Windows",
              "\u003c 8.2.3 on Windows",
              "All",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "\u003e= 8.3.1 on Windows",
              "\u003e= 8.2.3 on Windows",
              "None",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-23348",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.3",
                            "version_value": "8.3.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.3",
                            "version_value": "8.3.1"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.1",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.1",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
          }
        ],
        "source": {
          "defect": [
            "CPATR-23348"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5907",
    "datePublished": "2024-06-12T16:26:39.742Z",
    "dateReserved": "2024-06-12T15:27:55.262Z",
    "dateUpdated": "2024-08-01T21:25:03.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5905 (GCVE-0-2024-5905)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:20 – Updated: 2024-08-01 21:25
Title
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
CWE
  • CWE-346 - Origin Validation Error
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Versions:
  • Affected: 7.9-CE, < 7.9.102-CE (custom)
  • Affected: 8.1.0, < 8.1.2 (custom)
  • Affected: 8.2.0, < 8.2.1 (custom)
  • Unaffected: 8.3.0
  • Unaffected: 8.4.0
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T17:58:42.722169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T17:58:51.232Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5905"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.2.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.1",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.3.0"
            },
            {
              "status": "unaffected",
              "version": "8.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346 Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:22:57.869Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5905"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-21727"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectsSummary": {
            "affected": [
              "None",
              "None",
              "\u003c 8.2.1 on Windows",
              "\u003c 8.1.2 on Windows",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "All",
              "\u003e= 8.2.1 on Windows",
              "\u003e= 8.1.2 on Windows",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-21727",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.3",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.3",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-346 Origin Validation Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21727"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-21727"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5905",
    "datePublished": "2024-06-12T16:20:35.039Z",
    "dateReserved": "2024-06-12T15:27:53.779Z",
    "dateUpdated": "2024-08-01T21:25:03.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3280 (GCVE-0-2023-3280)

Vulnerability from cvelistv5 – Published: 2023-09-13 16:13 – Updated: 2024-09-25 17:48
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
CWE
  • CWE-755 - Improper Handling of Exceptional Conditions
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Versions:
  • Affected: 5.0
  • Affected: 7.5-CE
  • Affected: 7.9, < 7.9.3 (custom)
  • Affected: 7.9-CE, < 7.9.101-CE (custom)
  • Affected: 8.0, < 8.0.2 (custom)
  • Unaffected: 8.1
Credits
Manuel Feifel of InfoGuard AG

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-3280"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3280",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T17:41:53.331366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T17:48:34.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "7.5-CE"
            },
            {
              "changes": [
                {
                  "at": "7.9.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.3",
              "status": "affected",
              "version": "7.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.101-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.101-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.0.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.0.2",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Manuel Feifel of InfoGuard AG"
        }
      ],
      "datePublic": "2023-09-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T16:13:29.266Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-3280"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.\n"
        }
      ],
      "source": {
        "defect": [
          "CPATR-19884"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-13T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-3280",
    "datePublished": "2023-09-13T16:13:29.266Z",
    "dateReserved": "2023-06-15T23:55:42.807Z",
    "dateUpdated": "2024-09-25T17:48:34.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0002 (GCVE-0-2023-0002)

Vulnerability from cvelistv5 – Published: 2023-02-08 17:21 – Updated: 2025-03-25 13:57
Title
Cortex XDR Agent: Product Disruption by Local Windows User
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
CWE
  • CWE-693 - Protection Mechanism Failure
Impacted products
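| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.9 All |
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.8 All |
| Palo Alto Networks | Cortex XDR agent | Affected: 7.5, < 7.5.101-CE (custom) |
| Palo Alto Networks | Cortex XDR agent | Affected: 5.0, < 5.0.12.22203 (custom) |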
Credits
Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-0002"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T13:56:53.392401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T13:57:01.294Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.9 All"
            },
            {
              "status": "unaffected",
              "version": "7.8 All"
            },
            {
              "changes": [
                {
                  "at": "7.5.101-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.5.101-CE",
              "status": "affected",
              "version": "7.5",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.0.12.22203",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12.22203",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2023-02-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\u003cbr\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693 Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-08T17:21:47.711Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-0002"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13215",
          "CPATR-13184"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-08T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Product Disruption by Local Windows User",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-0002",
    "datePublished": "2023-02-08T17:21:47.711Z",
    "dateReserved": "2022-10-27T18:48:11.588Z",
    "dateUpdated": "2025-03-25T13:57:01.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0001 (GCVE-0-2023-0001)

Vulnerability from cvelistv5 – Published: 2023-02-08 17:20 – Updated: 2024-08-02 04:54
Title
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
Summary
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Impacted products
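| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.9 All |
| Palo Alto Networks | Cortex XDR agent | Unaffected: 7.8 All |
| Palo Alto Networks | Cortex XDR agent | Affected: 7.5, < 7.5.101-CE (custom) |
| Palo Alto Networks | Cortex XDR agent | Unaffected: 5.0 All |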
Credits
Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-0001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.9 All"
            },
            {
              "status": "unaffected",
              "version": "7.8 All"
            },
            {
              "changes": [
                {
                  "at": "7.5.101-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.5.101-CE",
              "status": "affected",
              "version": "7.5",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "5.0 All"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2023-02-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
            }
          ],
          "value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-21T18:25:00.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-0001"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\u003cbr\u003e\u003cbr\u003eAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\n\nAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13152"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-08T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Cleartext Exposure of Agent Admin Password",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-0001",
    "datePublished": "2023-02-08T17:20:20.774Z",
    "dateReserved": "2022-10-27T18:47:48.958Z",
    "dateUpdated": "2024-08-02T04:54:32.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0029 (GCVE-0-2022-0029)

Vulnerability from cvelistv5 – Published: 2022-09-14 16:35 – Updated: 2025-06-04 15:08
Title
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
Summary
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.7, < 7.7.3 (custom) |
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.5 CE, < 7.5.101-CE (custom) |
| Palo Alto Networks | Cortex XDR Agent | Affected: 5.0, < 5.0.12-hotfix update (custom) |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.8 all |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.7.3, < 7.7* (custom) |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.5.101-CE, < 7.5 CE* (custom) |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 5.0.12-hotfix update, < 5.0* (custom) |
Credits
Palo Alto Networks thanks Diego García of INCIDE for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-0029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-04T15:08:25.783065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T15:08:32.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "lessThan": "7.7.3",
              "status": "affected",
              "version": "7.7",
              "versionType": "custom"
            },
            {
              "lessThan": "7.5.101-CE",
              "status": "affected",
              "version": "7.5 CE",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.12-hotfix update",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.8 all"
            },
            {
              "lessThan": "7.7*",
              "status": "unaffected",
              "version": "7.7.3",
              "versionType": "custom"
            },
            {
              "lessThan": "7.5 CE*",
              "status": "unaffected",
              "version": "7.5.101-CE",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0*",
              "status": "unaffected",
              "version": "5.0.12-hotfix update",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-09-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-14T16:35:08.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
        }
      ],
      "source": {
        "defect": [
          "CPATR-16806"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-09-14T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-09-14T16:00:00.000Z",
          "ID": "CVE-2022-0029",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.7",
                            "version_value": "7.7.3"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.7",
                            "version_value": "7.7.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.101-CE"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.101-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12-hotfix update"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.8",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12-hotfix update"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Diego Garc\u00eda of INCIDE for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this vulnerability are expected to become publicly available."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0029",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0029"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12-hotfix update, Cortex XDR agent 7.5.101-CE, Cortex XDR agent 7.7.3, and all later versions of the Cortex XDR agent."
          }
        ],
        "source": {
          "defect": [
            "CPATR-16806"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-14T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.7",
          "Cortex XDR Agent 7.5 CE",
          "Cortex XDR Agent 5.0",
          "Cortex XDR Agent"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0029",
    "datePublished": "2022-09-14T16:35:08.910Z",
    "dateReserved": "2021-12-28T00:00:00.000Z",
    "dateUpdated": "2025-06-04T15:08:32.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0026 (GCVE-0-2022-0026)

Vulnerability from cvelistv5 – Published: 2022-05-11 16:30 – Updated: 2024-09-17 01:26
Title
Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
Summary
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
CWE
  • CWE-282 - Improper Ownership Management
Impacted products
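| Vendor | Product | Version |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.7.* without CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.7.* with CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.6.* without CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.6.* with CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.5 CE 7.5.* without CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.5 CE 7.5.* with CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.4.* without CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.4.* with CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Affected: 6.1.* without CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 6.1.* with CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Affected: 7.5.* without CU-330 |
| Palo Alto Networks | Cortex XDR Agent | Unaffected: 7.5.* with CU-330 |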
Credits
Palo Alto Networks thanks Xavier DANEST of Decathlon and Yasser Alhazmi for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "7.7.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.7.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.6.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.6.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.5 CE 7.5.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.5 CE 7.5.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.4.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.4.* with CU-330"
            },
            {
              "status": "affected",
              "version": "6.1.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "6.1.* with CU-330"
            },
            {
              "status": "affected",
              "version": "7.5.* without CU-330"
            },
            {
              "status": "unaffected",
              "version": "7.5.* with CU-330"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon and Yasser Alhazmi for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-05-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-282",
              "description": "CWE-282 Improper Ownership Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-11T16:30:25.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in all Cortex XDR agent versions with content update 330 and later content update versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13696",
          "CPATR-13873"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-05-11T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
          "ID": "CVE-2022-0026",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.7",
                            "version_value": "7.7.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.7",
                            "version_value": "7.7.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.6",
                            "version_value": "7.6.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.5 CE",
                            "version_value": "7.5.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.4",
                            "version_value": "7.4.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "6.1",
                            "version_value": "6.1.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "6.1.* with CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_name": "7.5",
                            "version_value": "7.5.* without CU-330"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.* with CU-330"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon and Yasser Alhazmi for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-282 Improper Ownership Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0026",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in all Cortex XDR agent versions with content update 330 and later content update versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13696",
            "CPATR-13873"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-11T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.7",
          "Cortex XDR Agent 7.6",
          "Cortex XDR Agent 7.5",
          "Cortex XDR Agent 7.4",
          "Cortex XDR Agent 7.5 CE",
          "Cortex XDR Agent 6.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0026",
    "datePublished": "2022-05-11T16:30:25.746Z",
    "dateReserved": "2021-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:26:10.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0025 (GCVE-0-2022-0025)

Vulnerability from cvelistv5 – Published: 2022-05-11 16:30 – Updated: 2024-09-17 02:42
Title
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Summary
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Impacted products
Vendor Product Version
Palo Alto Networks Cortex XDR Agent Affected: 7.7, < 7.7.1.62043 without CU-500 (custom)
Palo Alto Networks Cortex XDR Agent Unaffected: 7.7.* with CU-500
Unaffected: 7.6 all
Unaffected: 7.5 CE all
Unaffected: 7.4 all
Unaffected: 7.5 all
Unaffected: 6.1 all
Unaffected: 5.0 all
Credits
Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.7.1.62043",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.7.1.62043 without CU-500",
              "status": "affected",
              "version": "7.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.7.* with CU-500"
            },
            {
              "status": "unaffected",
              "version": "7.6 all"
            },
            {
              "status": "unaffected",
              "version": "7.5 CE all"
            },
            {
              "status": "unaffected",
              "version": "7.4 all"
            },
            {
              "status": "unaffected",
              "version": "7.5 all"
            },
            {
              "status": "unaffected",
              "version": "6.1 all"
            },
            {
              "status": "unaffected",
              "version": "5.0 all"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-05-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-11T16:30:24.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0025"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
        }
      ],
      "source": {
        "defect": [
          "CPATR-16696"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-05-11T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
          "ID": "CVE-2022-0025",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.7",
                            "version_value": "7.7.1.62043 without CU-500"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.7",
                            "version_value": "7.7.* with CU-500"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5 CE",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "6.1",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "5.0",
                            "version_value": "all"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.7",
                            "version_value": "7.7.1.62043"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks its customers and external security researchers for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0025",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0025"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.7.0 with content update 500, Cortex XDR agent 7.7.1 build 7.7.1.62043, and all later Cortex XDR agent versions.\n\nEnsure that Cortex XDR agent is upgraded to Cortex XDR agent 7.7.1.62043 or a later build when upgrading Cortex XDR agent to Cortex XDR agent 7.7 to prevent exposure to this vulnerability during the upgrade process."
          }
        ],
        "source": {
          "defect": [
            "CPATR-16696"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-11T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.7",
          "Cortex XDR Agent"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0025",
    "datePublished": "2022-05-11T16:30:24.228Z",
    "dateReserved": "2021-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:42:23.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0015 (GCVE-0-2022-0015)

Vulnerability from cvelistv5 – Published: 2022-01-12 17:30 – Updated: 2024-09-17 02:51
Title
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
Summary
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Impacted products
Vendor Product Version
Palo Alto Networks Cortex XDR Agent Unaffected: 7.2.*
Unaffected: 7.3.*
Unaffected: 7.4.*
Unaffected: 7.5.*
Unaffected: 7.6.*
Affected: 5.0, < 5.0.12 (custom)
Affected: 6.1, < 6.1.9 (custom)
Credits
Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.2.*"
            },
            {
              "status": "unaffected",
              "version": "7.3.*"
            },
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "status": "unaffected",
              "version": "7.6.*"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:20.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0015"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13405",
          "CPATR-9287"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0015",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.2",
                            "version_value": "7.2.*"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.3",
                            "version_value": "7.3.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Xavier DANEST of Decathlon for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0015",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0015"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13405",
            "CPATR-9287"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0015",
    "datePublished": "2022-01-12T17:30:20.503Z",
    "dateReserved": "2021-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:51:40.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0014 (GCVE-0-2022-0014)

Vulnerability from cvelistv5 – Published: 2022-01-12 17:30 – Updated: 2024-09-16 23:00
Title
Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
Summary
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Versions:
  • Unaffected: 7.4.*
  • Unaffected: 7.5.*
  • Unaffected: 7.6.*
  • Affected: 7.2, < 7.2.4 (custom)
  • Affected: 7.3, < 7.3.2 (custom)
  • Affected: 5.0, < 5.0.12 (custom)
  • Affected: 6.1, < 6.1.9 (custom)
Credits
This issue was found by Robert McCallum of Palo Alto Networks during an internal security review.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0014"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "status": "unaffected",
              "version": "7.6.*"
            },
            {
              "changes": [
                {
                  "at": "7.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:18.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0014"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-12633"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0014",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426 Untrusted Search Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0014",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0014"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-12633"
          ],
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0014",
    "datePublished": "2022-01-12T17:30:18.718Z",
    "dateReserved": "2021-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:00:50.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0013 (GCVE-0-2022-0013)

Vulnerability from cvelistv5 – Published: 2022-01-12 17:30 – Updated: 2024-09-16 17:58
Title
Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
Summary
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
CWE
  • CWE-538 - File and Directory Information Exposure
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Versions:
  • Unaffected: 7.4.*
  • Unaffected: 7.5.*
  • Affected: 7.2, < 7.2.4 (custom)
  • Affected: 5.0, < 5.0.12 (custom)
  • Affected: 6.1, < 6.1.9 (custom)
  • Affected: 7.3, < 7.3.2 (custom)
Credits
This issue was found by Robert McCallum of Palo Alto Networks during an internal security review.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0013"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "changes": [
                {
                  "at": "7.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538 File and Directory Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:17.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0013"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13480"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0013",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found by Robert McCallum of Palo Alto Networks during an internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-538 File and Directory Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0013",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0013"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13480"
          ],
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0013",
    "datePublished": "2022-01-12T17:30:17.158Z",
    "dateReserved": "2021-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:58:02.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0012 (GCVE-0-2022-0012)

Vulnerability from cvelistv5 – Published: 2022-01-12 17:30 – Updated: 2024-09-17 01:55
Title
Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability
Summary
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Impacted products
Vendor: Palo Alto Networks
Product: Cortex XDR Agent
Versions:
  • Unaffected: 7.4.*
  • Unaffected: 7.5.*
  • Unaffected: 7.6.*
  • Affected: 5.0, < 5.0.12 (custom)
  • Affected: 7.2, < 7.2.4 (custom)
  • Affected: 7.3, < 7.3.2 (custom)
  • Affected: 6.1, < 6.1.9 (custom)
Credits
Palo Alto Networks thanks Chris Au for discovering and reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.4.*"
            },
            {
              "status": "unaffected",
              "version": "7.5.*"
            },
            {
              "status": "unaffected",
              "version": "7.6.*"
            },
            {
              "changes": [
                {
                  "at": "5.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.0.12",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.1.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Chris Au for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-12T17:30:15.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0012"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-13408"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-01-12T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no known workaround available for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
          "ID": "CVE-2022-0012",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "5.0",
                            "version_value": "5.0.12"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.2",
                            "version_value": "7.2.4"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.3",
                            "version_value": "7.3.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.4",
                            "version_value": "7.4.*"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "6.1",
                            "version_value": "6.1.9"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.5",
                            "version_value": "7.5.*"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!",
                            "version_name": "7.6",
                            "version_value": "7.6.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Chris Au for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0012",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0012"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 5.0.12, Cortex XDR agent 6.1.9, Cortex XDR agent 7.2.4, Cortex XDR agent 7.3.2, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-13408"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-12T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There is no known workaround available for this issue."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 7.3",
          "Cortex XDR Agent 7.2",
          "Cortex XDR Agent 7.1",
          "Cortex XDR Agent 7.0",
          "Cortex XDR Agent 6.1",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0012",
    "datePublished": "2022-01-12T17:30:15.528Z",
    "dateReserved": "2021-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:55:48.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}