Palo Alto Networks Security Advisories /CVE-2024-5912CVE-2024-5912 Cortex XDR Agent: Improper File Signature Verification ChecksUrgencyMODERATEResponse EffortMODERATERecoveryUSERValue DensityCONCENTRATEDAttack VectorLOCALAttack ComplexityLOWAttack RequirementsNONEAutomatableNOUser InteractionNONEProduct ConfidentialityNONEProduct IntegrityHIGHProduct AvailabilityNONEPrivileges RequiredLOWSubsequent ConfidentialityNONESubsequent IntegrityNONESubsequent AvailabilityNONENVDJSON Published2024-07-10 Updated2024-07-10ReferenceCPATR-22565DiscoveredexternallyDescriptionAn improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.Product StatusVersionsAffectedUnaffectedCortex XDR Agent 8.4NoneAllCortex XDR Agent 8.3-CENoneAllCortex XDR Agent 8.3NoneAllCortex XDR Agent 8.2< 8.2.2>= 8.2.2Cortex XDR Agent 7.9< 7.9.102-CE>= 7.9.102-CESeverity:MEDIUMCVSSv4.0Base Score:6.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber)Exploitation StatusPalo Alto Networks is not aware of any malicious exploitation of this issue.Weakness TypeCWE-347 Improper Verification of Cryptographic SignatureSolutionThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.AcknowledgmentsPalo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue.Timeline2024-07-10Initial publication
