Platform: windows
Component: cortex-xdr-agent
Fixed in: 7.9.102-CE, 8.1.1, 8.2.3, 8.3.1
CVE-2024-5907 is a privilege escalation vulnerability in the Palo Alto Networks Cortex XDR agent for Windows. The flaw allows a local user to potentially execute programs with elevated privileges, but exploitation requires winning a race condition, which makes it difficult. The vulnerability impacts versions of the Cortex XDR agent up to and including 8.4.0. Palo Alto Networks has advised users to upgrade to a patched version to address this issue.
Successful exploitation of CVE-2024-5907 could grant an attacker elevated privileges on a compromised Windows system running the Cortex XDR agent. This could allow them to bypass security controls, install malware, access sensitive data, and potentially move laterally within the network. While the race condition requirement makes exploitation difficult, a determined attacker with sufficient access and knowledge could potentially achieve significant compromise. The potential impact includes data exfiltration, system takeover, and disruption of operations.
CVE-2024-5907 is currently not listed on the CISA KEV catalog. The EPSS score is pending evaluation. Public proof-of-concept (POC) code is not currently available, which contributes to the difficulty of exploitation. The vulnerability was publicly disclosed on 2024-06-12.
Exploit Status
EPSS: 0.08% (25th percentile)
CISA SSVC
The primary mitigation for CVE-2024-5907 is to upgrade the Palo Alto Networks Cortex XDR agent to a version that includes the fix. Palo Alto Networks has not released a specific fixed version in the provided data. Until a fixed version is available, consider implementing stricter local account privilege controls and monitoring for suspicious process execution. Review and harden existing security policies to minimize the potential impact of a successful exploit. After upgrading, confirm the agent version to ensure the fix has been applied successfully by checking the agent's 'About' section.
Upgrade the Cortex XDR agent to the latest available version. Specifically, make sure the version is 7.9.102-CE or later, 8.2.3 or later, or 8.3.1 or later. This will mitigate the privilege escalation vulnerability.
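A fleet check against the "Fixed in" list on this page has to compare within each release branch, because 8.2.0 is numerically above 8.1.1 yet still unfixed. The following is an added example, not code from Palo Alto Networks or from this page; the inventory, the hostnames, and the optional fourth build field in the version string are assumptions.

```python
import re

# "Fixed in" versions as listed on this page, keyed by release branch (major, minor).
FIXED_IN = {
    (7, 9): (7, 9, 102),  # 7.9.102-CE
    (8, 1): (8, 1, 1),
    (8, 2): (8, 2, 3),
    (8, 3): (8, 3, 1),
}

# Assumption: versions look like major.minor.patch, optionally followed by
# extra numeric build fields and/or a "-CE" suffix.
VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*(?:-CE)?\s*", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch) as ints, or raise ValueError."""
    match = VERSION_RE.fullmatch(text)
    if not match:
        raise ValueError(f"unrecognised agent version: {text!r}")
    return tuple(int(group) for group in match.groups())

def classify(version_text):
    """Return 'fixed', 'vulnerable' or 'check-advisory' for one agent version."""
    version = parse_version(version_text)
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        # The page lists no fixed release for this branch; do not guess.
        return "check-advisory"
    return "fixed" if version >= fixed else "vulnerable"

def triage(inventory):
    """Map hostname -> status; unparseable versions are flagged, not dropped."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = classify(version_text)
        except ValueError:
            result[host] = "unparseable"
    return result

# Constructed inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "ws-001": "8.2.0", "ws-002": "8.2.3", "ws-003": "7.9.101-CE",
    "ws-004": "8.3.1.4567", "ws-005": "8.4.0", "ws-006": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {SAMPLE_INVENTORY[host]:12} {status}")
```

Hosts reported as `check-advisory` or `unparseable` need a manual look at the vendor advisory rather than an automatic pass.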
CVE-2024-5907 is a vulnerability in the Palo Alto Networks Cortex XDR agent for Windows that allows a local user to potentially gain elevated privileges by exploiting a race condition.
You are potentially affected if you are running Palo Alto Networks Cortex XDR agent version 8.4.0 or earlier on Windows systems.
Upgrade the Cortex XDR agent to a version that includes the fix. Check Palo Alto Networks' security advisories for the latest fixed version.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants prompt mitigation.
Refer to the Palo Alto Networks security advisory page for the latest information and updates regarding CVE-2024-5907.