CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8690 – Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
https://notcve.org/view.php?id=CVE-2024-8690
11 Sep 2024 — A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. • https://security.paloaltonetworks.com/CVE-2024-8690 • CWE-440: Expected Behavior Violation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3280 – Cortex XDR Agent: Local Windows User Can Disable the Agent
https://notcve.org/view.php?id=CVE-2023-3280
13 Sep 2023 — A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. Un problema con un mecanismo de protección en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un usuario local desactivar el agente. • https://github.com/ig-labs/EDR-ALPC-Block-POC • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0002 – Cortex XDR Agent: Product Disruption by Local Windows User
https://notcve.org/view.php?id=CVE-2023-0002
08 Feb 2023 — A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. • https://security.paloaltonetworks.com/CVE-2023-0002 • CWE-693: Protection Mechanism Failure •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0001 – Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
https://notcve.org/view.php?id=CVE-2023-0001
08 Feb 2023 — An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. • https://security.paloaltonetworks.com/CVE-2023-0001 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0029 – Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
https://notcve.org/view.php?id=CVE-2022-0029
14 Sep 2022 — An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file. Una vulnerabilidad de resolución de enlaces inapropiada en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un atacante local leer archivos en el sistema con altos privilegios cuando es generado un archivo de soporte técnico • https://security.paloaltonetworks.com/CVE-2022-0029 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 0CVE-2022-0026 – Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2022-0026
11 May 2022 — A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version. Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el software Cortex XDR agent de Palo Alto Networks ... • https://security.paloaltonetworks.com/CVE-2022-0026 • CWE-282: Improper Ownership Management •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0025 – Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2022-0025
11 May 2022 — A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or ... • https://security.paloaltonetworks.com/CVE-2022-0025 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0015 – Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2022-0015
12 Jan 2022 — A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9. Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el agente Cortex XDR de Palo Alto Networks que permite a un usuario local autenticado ejecutar progr... • https://security.paloaltonetworks.com/CVE-2022-0015 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0014 – Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
https://notcve.org/view.php?id=CVE-2022-0014
12 Jan 2022 — An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions ear... • https://security.paloaltonetworks.com/CVE-2022-0014 • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0013 – Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
https://notcve.org/view.php?id=CVE-2022-0013
12 Jan 2022 — A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR age... • https://security.paloaltonetworks.com/CVE-2022-0013 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •