Palo Alto Networks Security Advisories

CVE-2024-5905 Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent

Urgency: MODERATE
Response Effort: MODERATE
Recovery: USER
Value Density: DIFFUSE
Attack Vector: LOCAL
Attack Complexity: HIGH
Attack Requirements: NONE
Automatable: YES
User Interaction: NONE
Product Confidentiality: NONE
Product Integrity: LOW
Product Availability: LOW
Privileges Required: LOW
Subsequent Confidentiality: NONE
Subsequent Integrity: NONE
Subsequent Availability: NONE

Published: 2024-06-12
Updated: 2024-06-12
Reference: CPATR-21727
Discovered: externally

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.

Product Status

Versions                    Affected                   Unaffected
Cortex XDR Agent 8.4        None                       All
Cortex XDR Agent 8.3        None                       All
Cortex XDR Agent 8.2        < 8.2.1 on Windows         >= 8.2.1 on Windows
Cortex XDR Agent 8.1        < 8.1.2 on Windows         >= 8.1.2 on Windows
Cortex XDR Agent 7.9-CE     < 7.9.102-CE on Windows    >= 7.9.102-CE on Windows

Severity: LOW
CVSSv4.0 Base Score: 2 (CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-346 Origin Validation Error

Solution

This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.

Acknowledgments

Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.

Timeline

2024-06-12 Initial publication
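
The following is an added example, not part of the advisory and not Palo Alto Networks code: a triage helper that checks an exported agent inventory against the Product Status table above. The input format ("major.minor.patch", optional build number, optional "-CE" suffix), the function names and the sample hosts are assumptions made for illustration.

```python
import re

# Fix thresholds from the advisory's Product Status table (Windows only).
# None = the advisory lists no affected versions on that branch.
FIXED_IN = {
    "8.4": None,
    "8.3": None,
    "8.2": (8, 2, 1),
    "8.1": (8, 1, 2),
    "7.9-CE": (7, 9, 102),
}

# Assumed input format: "major.minor.patch[.build][-CE]".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(-CE)?$", re.IGNORECASE)

def classify(version, os_name="Windows"):
    """Return 'affected', 'unaffected', 'not listed' or 'unparseable'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    if os_name.strip().lower() != "windows":
        return "not listed"  # the table only covers Windows agents
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    branch = f"{major}.{minor}" + ("-CE" if m.group(4) else "")
    if branch not in FIXED_IN:
        return "not listed"  # e.g. 8.0 or non-CE 7.9: do not guess
    fixed = FIXED_IN[branch]
    if fixed is None:
        return "unaffected"
    return "affected" if (major, minor, patch) < fixed else "unaffected"

def triage(inventory):
    """Map each (host, os, version) row to its status."""
    return {host: classify(ver, os_name) for host, os_name, ver in inventory}

# Constructed sample inventory; hostnames and build numbers are made up.
SAMPLE = [
    ("ws-001", "Windows", "8.2.0.11111"),
    ("ws-002", "Windows", "8.2.1.22222"),
    ("ws-003", "Windows", "8.1.1"),
    ("ws-004", "Windows", "7.9.101-CE"),
    ("ws-005", "Windows", "7.9.102-CE"),
    ("ws-006", "Windows", "8.4.0.33333"),
    ("ws-007", "Windows", "8.0.1"),
    ("mac-01", "macOS", "8.2.0"),
    ("ws-008", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Branches the table does not list, and non-Windows agents, are reported as "not listed" so they can be reviewed by hand.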