CVE-2021-3041

Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version.

Se presenta una vulnerabilidad de escalada de privilegios local en el agente Palo Alto Networks Cortex XDR agent en plataformas Windows que permite a un usuario local de Windows autenticado ejecutar programas con privilegios SYSTEM. Esto requiere que el usuario tenga el privilegio de crear archivos en el directorio root de Windows o de manipular valores clave del registro. Este problema afecta: Cortex XDR agent versiones 5.0 versiones anteriores a Cortex XDR agent 5.0.11; Cortex XDR agent versiones 6.1 versiones anteriores a Cortex XDR agent 6.1.8; Cortex XDR agent versiones 7.2 versiones anteriores a Cortex XDR agent 7.2.3; Todas las versiones de Cortex XDR agent 7.2 sin la versión de actualización de contenidos 171 o una versión posterior

*Credits: This issue was found by Robert McCallum of Palo Alto Networks during internal security review.

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-06 CVE Reserved
2021-06-10 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-427: Uncontrolled Search Path Element

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://security.paloaltonetworks.com/CVE-2021-3041	2021-06-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Paloaltonetworks Search vendor "Paloaltonetworks"	Cortex Xdr Agent Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent"	>= 5.0 < 5.0.11 Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" and version " >= 5.0 < 5.0.11"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Paloaltonetworks Search vendor "Paloaltonetworks"	Cortex Xdr Agent Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent"	>= 6.1 < 6.1.8 Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" and version " >= 6.1 < 6.1.8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Paloaltonetworks Search vendor "Paloaltonetworks"	Cortex Xdr Agent Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent"	>= 7.2 < 7.2.3 Search vendor "Paloaltonetworks" for product "Cortex Xdr Agent" and version " >= 7.2 < 7.2.3"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe