Palo Alto Networks Security Advisories /CVE-2024-5907CVE-2024-5907 Cortex XDR Agent: Local Privilege Escalation (PE) VulnerabilityUrgencyMODERATEResponse EffortMODERATERecoveryUSERValue DensityDIFFUSEAttack VectorLOCALAttack ComplexityHIGHAttack RequirementsNONEAutomatableNOUser InteractionNONEProduct ConfidentialityNONEProduct IntegrityLOWProduct AvailabilityNONEPrivileges RequiredLOWSubsequent ConfidentialityHIGHSubsequent IntegrityHIGHSubsequent AvailabilityHIGHNVDJSON Published2024-06-12 Updated2024-06-12ReferenceCPATR-23348DiscoveredexternallyDescriptionA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.Product StatusVersionsAffectedUnaffectedCortex XDR Agent 8.4NoneAllCortex XDR Agent 8.3< 8.3.1 on Windows>= 8.3.1 on WindowsCortex XDR Agent 8.2< 8.2.3 on Windows>= 8.2.3 on WindowsCortex XDR Agent 8.1AllNoneCortex XDR Agent 7.9-CE< 7.9.102-CE on Windows>= 7.9.102-CE on WindowsSeverity:MEDIUMCVSSv4.0Base Score:5.2 (CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber)Exploitation StatusPalo Alto Networks is not aware of any malicious exploitation of this issue.Weakness TypeCWE-269 Improper Privilege ManagementSolutionThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.AcknowledgmentsPalo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.Timeline2024-06-12Initial publication
