CVE-2024-9469

Improper Check for Unusual or Exceptional Conditions (CWE-754)

Published: Oct 9, 2024 / Updated: 41d ago

CVSS 5.7 / EPSS 0.04% / Medium

Summary

A vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a user with non-administrative privileges to disable the agent. This issue stems from a problem with a detection mechanism in the agent.

Impact

This vulnerability could be exploited by malware to disable the Cortex XDR agent, allowing subsequent malicious activity to go undetected. The impact is primarily on the availability of the security agent, potentially leaving the system exposed to further attacks without proper monitoring or protection.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Palo Alto Networks has released updated versions to address this vulnerability.

Mitigation

1. Update Cortex XDR agent to the latest patched version.
2. For version 7.9-ce, upgrade to version 7.9.102-ce or later.
3. For versions 8.3.0 and 8.4.0, check with Palo Alto Networks for the specific patched versions.
4. Implement the principle of least privilege to limit the number of users with the ability to potentially exploit this vulnerability.
5. Monitor for any suspicious activity or attempts to disable the Cortex XDR agent.
6. Consider implementing additional security controls to detect and prevent unauthorized changes to security software.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9469

Oct 9, 2024 at 5:15 PM

CVSS

A CVSS base score of 5.7 has been assigned.

Oct 9, 2024 at 5:20 PM / nvd

First Article

Feedly found the first article mentioning CVE-2024-9469.

Oct 9, 2024 at 5:24 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 9, 2024 at 5:24 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 10, 2024 at 10:30 AM

CVSS

A CVSS base score of 5.5 has been assigned.

Oct 15, 2024 at 6:20 PM / nvd

Affected Systems

Paloaltonetworks/cortex_xdr_agent

Patches

security.paloaltonetworks.com

References

CVE-2024-9469 Cortex XDR Agent: Local Windows User Can Disable the Agent (Severity: MEDIUM)
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. Palo Alto Networks is not aware of any malicious exploitation of this issue.

News

Prisma Cloud Compute Cortex XDR Agent 8.6
Update Sun Oct 27 14:34:00 UTC 2024
Update Sat Oct 19 22:37:53 UTC 2024
Tageszusammenfassung - 10.10.2024
Project: Gutenberg; Date: 2024-October-09; Security risk: Moderately critical 12 - 25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Default; Vulnerability: Cross Site Request Forgery; Affected versions: =3.0.0; Description: This module provides a new UI experience for node editing using the Gutenberg Editor library. The module did not sufficiently protect some routes against a Cross Site Request Forgery attack. This vulnerability is mitigated by the fact that the tricked user needs to have an
Project: Facets; Date: 2024-October-09; Security risk: Critical 15 - 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default; Vulnerability: Cross Site Scripting; Affected versions: ; Description: This module enables you to easily create and manage faceted search interfaces. The module doesn't sufficiently filter for malicious script, leading to a reflected cross site scripting (XSS) vulnerability. Solution: Install the latest version: If you use the Facets module, upgrade to Facets
Update Thu Oct 10 14:37:03 UTC 2024

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
