CVE-2024-5907

Improper Privilege Management (CWE-269)

Published: Jun 12, 2024 / Updated: 5mo ago

CVSS 5.2 / EPSS 0.04% / Medium

Summary

A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.

Impact

If successfully exploited, this vulnerability could allow a local attacker to gain higher privileges on the compromised system. This could potentially give them more access and control over the machine, leading to further attacks, data theft, or system misuse. The vulnerability affects the integrity, confidentiality, and availability of the system, all rated as "HIGH" in the CVSS v3.1 scoring.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available for this vulnerability. Palo Alto Networks has released security updates to address CVE-2024-5907. The patch details can be found at https://security.paloaltonetworks.com/CVE-2024-5907.

Mitigation

To mitigate this vulnerability:

1. Apply the latest software updates from Palo Alto Networks that address CVE-2024-5907.
2. Implement the principle of least privilege by limiting user privileges.
3. Monitor systems for any suspicious activity.
4. Ensure that only necessary versions of the Cortex XDR agent are in use, specifically avoiding versions 7.9 (before 7.9.102), 8.1 (before 8.2.3), and 8.3 (before 8.3.1), which are known to be vulnerable.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

Timeline

CVE Assignment (Jun 12, 2024 at 5:15 PM)
NVD published the first details for CVE-2024-5907.

First Article (Jun 12, 2024 at 5:21 PM / National Vulnerability Database)
Feedly found the first article mentioning CVE-2024-5907.

CVSS Estimate (Jun 12, 2024 at 5:21 PM)
Feedly estimated the CVSS score as MEDIUM.

Trending (Jun 12, 2024 at 9:20 PM)
This CVE started to trend in security discussions.

EPSS (Jun 13, 2024 at 3:51 PM)
EPSS Score was set to: 0.04% (Percentile: 9%).

Trending (Jun 14, 2024 at 1:40 AM)
This CVE stopped trending in security discussions.

CVSS (Aug 7, 2024 at 5:00 PM / nvd)
A CVSS base score of 7 has been assigned.

Affected Systems

Paloaltonetworks/cortex_xdr_agent

Patches

security.paloaltonetworks.com

Links to MITRE ATT&CK

T1548: Abuse Elevation Control Mechanism

Attack Patterns

CAPEC-122: Privilege Abuse

References

CVE-2024-5907 Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges.

News

[no-title]
GlobalProtect app on Windows and macOS < 6.1.3 on Windows and macOS, None on Android and iOS, < 6.1.3 on Linux
Improper privilege management Palo Alto Networks Cortex XDR agent
The vulnerability allows a local user to escalate privileges. No. This vulnerability can be exploited locally.
[CERT-daily] Daily Summary - 13.06.2024
https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/ [..] In June 2022, security researchers devised a potent attack chain that also exploited a Microsoft Office flaw to launch searches directly from Word documents.
CVE-2024-5907
High Severity. Description: A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. Read more at https://www.tenable.com/cve/CVE-2024-5907
NA - CVE-2024-5907 - A privilege escalation (PE) vulnerability in...
However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges.

CVSS V3.1

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
