CVE-2024-5909 MEDIUM

CVE-2024-5909: Cortex XDR Agent: Local Windows User Can Disable the Agent

Vendor Palo Alto Networks
Product Cortex XDR Agent
Weakness CWE-269
Published June 12, 2024
Last update August 1, 2024

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

Key dates

02Disclosure timeline

June 12, 2024 CVE published
August 1, 2024 Record updated