CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3280 – Cortex XDR Agent: Local Windows User Can Disable the Agent
https://notcve.org/view.php?id=CVE-2023-3280
13 Sep 2023 — A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. Un problema con un mecanismo de protección en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un usuario local desactivar el agente. • https://github.com/ig-labs/EDR-ALPC-Block-POC • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0002 – Cortex XDR Agent: Product Disruption by Local Windows User
https://notcve.org/view.php?id=CVE-2023-0002
08 Feb 2023 — A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. • https://security.paloaltonetworks.com/CVE-2023-0002 • CWE-693: Protection Mechanism Failure •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0029 – Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
https://notcve.org/view.php?id=CVE-2022-0029
14 Sep 2022 — An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file. Una vulnerabilidad de resolución de enlaces inapropiada en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un atacante local leer archivos en el sistema con altos privilegios cuando es generado un archivo de soporte técnico • https://security.paloaltonetworks.com/CVE-2022-0029 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 0CVE-2022-0026 – Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2022-0026
11 May 2022 — A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version. Se presenta una vulnerabilidad de escalada de privilegios (PE) local en el software Cortex XDR agent de Palo Alto Networks ... • https://security.paloaltonetworks.com/CVE-2022-0026 • CWE-282: Improper Ownership Management •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0014 – Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
https://notcve.org/view.php?id=CVE-2022-0014
12 Jan 2022 — An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions ear... • https://security.paloaltonetworks.com/CVE-2022-0014 • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0013 – Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
https://notcve.org/view.php?id=CVE-2022-0013
12 Jan 2022 — A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR age... • https://security.paloaltonetworks.com/CVE-2022-0013 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0012 – Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2022-0012
12 Jan 2022 — An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versio... • https://security.paloaltonetworks.com/CVE-2022-0012 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3042 – Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-3042
15 Jul 2021 — A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a la... • https://security.paloaltonetworks.com/CVE-2021-3042 • CWE-427: Uncontrolled Search Path Element •