CVE-2024-5907 - Vulnerability Details - OpenCVE

A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Cortex Xdr Agent

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:::::critical_environment:::*
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2024-5907

History

Wed, 07 Aug 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Paloaltonetworks Paloaltonetworks cortex Xdr Agent
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:::::::: cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:::::critical_environment:::*
Vendors & Products		Paloaltonetworks Paloaltonetworks cortex Xdr Agent
Metrics		cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-06-12T16:26:39.742Z

Updated: 2024-08-01T21:25:03.047Z

Reserved: 2024-06-12T15:27:55.262Z

Link: CVE-2024-5907

Vulnrichment

Updated: 2024-08-01T21:25:03.047Z

NVD

Status : Modified

Published: 2024-06-12T17:15:53.127

Modified: 2024-11-21T09:48:33.463

Link: CVE-2024-5907

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5907", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-06-12T15:27:55.262Z", "datePublished": "2024-06-12T16:26:39.742Z", "dateUpdated": "2024-08-01T21:25:03.047Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "lessThan": "7.9.102-CE", "status": "affected", "version": "7.9-CE", "versionType": "custom"}, {"status": "affected", "version": "8.1.0"}, {"changes": [{"at": "8.2.3", "status": "unaffected"}], "lessThan": "8.2.3", "status": "affected", "version": "8.2.0", "versionType": "custom"}, {"changes": [{"at": "8.3.1", "status": "unaffected"}], "lessThan": "8.3.1", "status": "affected", "version": "8.3.0", "versionType": "custom"}, {"status": "unaffected", "version": "8.4.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue."}], "datePublic": "2024-06-12T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.</p>"}], "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:26:39.742Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.</p>"}], "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."}], "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability", "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "x_legacyV4Record": {"CNA_private": {"Current-Status": "Verify with Alain how they want to be acknowledged", "Priority": "normal", "STATE": "review", "TYPE": "advisory", "affectsSummary": {"affected": ["None", "< 8.3.1 on Windows", "< 8.2.3 on Windows", "All", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", ">= 8.3.1 on Windows", ">= 8.2.3 on Windows", "None", ">= 7.9.102-CE on Windows"], "unknown": ["", "", "", "", ""]}, "owner": "abaishya", "publish": {"month": "06", "year": "2024", "ym": "2024-06"}, "share_with_CVE": true, "show_cvss": true}, "CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z", "ID": "CVE-2023-case-CPATR-23348", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.2", "version_value": "8.2.3"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.2", "version_value": "8.2.3"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.3", "version_value": "8.3.1"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.3", "version_value": "8.3.1"}, {"version_affected": "=", "version_name": "8.4", "version_value": "None"}, {"version_affected": "!", "version_name": "8.4", "version_value": "All"}, {"version_affected": "=", "version_name": "8.1", "version_value": "All"}, {"version_affected": "!", "version_name": "8.1", "version_value": "None"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "vulnogram 0.1.0-rc1"}, "impact": {"cvss": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."}], "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-11-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-5907"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T03:56:05.821Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.047Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5907", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.047Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5907", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T17:59:52.437327Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T17:59:56.408Z"}}], "cna": {"title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability", "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "affected", "changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "version": "7.9-CE", "lessThan": "7.9.102-CE", "versionType": "custom"}, {"status": "affected", "version": "8.1.0"}, {"status": "affected", "changes": [{"at": "8.2.3", "status": "unaffected"}], "version": "8.2.0", "lessThan": "8.2.3", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.3.1", "status": "unaffected"}], "version": "8.3.0", "lessThan": "8.3.1", "versionType": "custom"}, {"status": "unaffected", "version": "8.4.0"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.</p>", "base64": false}]}], "datePublic": "2024-06-12T07:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5907", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "descriptions": [{"lang": "en", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.", "supportingMedia": [{"type": "text/html", "value": "<p>A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:26:39.742Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."}], "impact": {"cvss": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}}, "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "<"}, {"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "!>="}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.3", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.3", "version_affected": "!>="}, {"platform": "Windows", "version_name": "8.3", "version_value": "8.3.1", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.3", "version_value": "8.3.1", "version_affected": "!>="}, {"version_name": "8.4", "version_value": "None", "version_affected": "="}, {"version_name": "8.4", "version_value": "All", "version_affected": "!"}, {"version_name": "8.1", "version_value": "All", "version_affected": "="}, {"version_name": "8.1", "version_value": "None", "version_affected": "!"}]}, "product_name": "Cortex XDR Agent"}]}, "vendor_name": "Palo Alto Networks"}]}}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."}], "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "data_type": "CVE", "generator": {"engine": "vulnogram 0.1.0-rc1"}, "references": {"reference_data": [{"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348", "refsource": "CONFIRM"}]}, "CNA_private": {"TYPE": "advisory", "STATE": "review", "owner": "abaishya", "publish": {"ym": "2024-06", "year": "2024", "month": "06"}, "Priority": "normal", "show_cvss": true, "Current-Status": "Verify with Alain how they want to be acknowledged", "affectsSummary": {"unknown": ["", "", "", "", ""], "affected": ["None", "< 8.3.1 on Windows", "< 8.2.3 on Windows", "All", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", ">= 8.3.1 on Windows", ">= 8.2.3 on Windows", "None", ">= 7.9.102-CE on Windows"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"]}, "share_with_CVE": true}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-case-CPATR-23348", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability", "ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z"}, "x_advisoryEoL": false}}}, "cveMetadata": {"cveId": "CVE-2024-5907", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.047Z", "dateReserved": "2024-06-12T15:27:55.262Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-06-12T16:26:39.742Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*", "matchCriteriaId": "E7510DB5-E41B-484D-8BE8-12F7BECA18C6", "versionEndExcluding": "7.9.102", "versionStartIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "84B436C7-8804-4860-BA71-F9052BD339F6", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "12439BD7-6910-403C-B970-AE14A841DEBD", "versionEndExcluding": "8.3.1", "versionStartIncluding": "8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}, {"lang": "es", "value": "Una vulnerabilidad de escalada de privilegios (PE) en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un usuario local ejecutar programas con privilegios elevados. Sin embargo, la ejecuci\u00f3n requiere que el usuario local aproveche con \u00e9xito una condici\u00f3n de ejecuci\u00f3n, lo que hace que esta vulnerabilidad sea dif\u00edcil de explotar."}], "id": "CVE-2024-5907", "lastModified": "2024-11-21T09:48:33.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-06-12T17:15:53.127", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}