CVE-2024-8690: Admin-Privilege Enable Agent Disable in Palo Alto XDR for Windows
CVE-2024-8690 Published on September 11, 2024
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Timeline
Initial publication
Weakness Type
Expected Behavior Violation
A feature, API, or function does not perform according to its specification.
Products Associated with CVE-2024-8690
Want to know whenever a new CVE is published for Palo Alto Networks Cortex Xdr Agent? stack.watch will email you.
Affected Versions
Palo Alto Networks Cortex XDR Agent:- Version 8.5 is unaffected.
- Version 8.4 is unaffected.
- Version 8.3 is unaffected.
- Version 8.3-CE is unaffected.
- Version 8.2 is unaffected.
- Version 7.9.102-CE is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.