CVE-2024-5912 MEDIUM

CVE-2024-5912: Cortex XDR Agent: Improper File Signature Verification Checks

Vendor Palo Alto Networks
Product Cortex XDR Agent
Weakness CWE-347
Published July 10, 2024
Last update August 1, 2024

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01Description

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.

Key dates

02Disclosure timeline

July 10, 2024 CVE published
August 1, 2024 Record updated