Robert Mccallum

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Cortex XDR agent (affected versions not specified) **Description** An information exposure issue in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext. This could be used by bad actors to execute privileged `cytool` commands, potentially disabling or uninstalling the agent. The vulnerability is related to the storage of data in an open manner, which can allow an attacker to gain unauthorized access to protected information and execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cortex XDR Agent versions (affected versions not specified) **Description** The issue is related to a problem with a protection mechanism in the Cortex XDR agent on Windows devices, allowing a local user to execute privileged commands. This can enable an attacker to disable or uninstall the agent, potentially leading to the execution of arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Cortex XDR agent versions earlier than 5.0.12 Palo Alto Networks Cortex XDR agent versions earlier than 6.1.9 Palo Alto Networks Cortex XDR agent versions earlier than 7.2.4 Palo Alto Networks Cortex XDR agent versions earlier than 7.3.2 **Description** A file information exposure issue exists in the Palo Alto Networks Cortex XDR agent, allowing a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. **Recommendations** For versions earlier than 5.0.12, update to version 5.0.12 or later. For versions earlier than 6.1.9, update to version 6.1.9 or later. For versions earlier than 7.2.4, update to version 7.2.4 or later. For versions earlier than 7.3.2, update to version 7.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** Cortex XDR agent versions prior to 5.0.12 Cortex XDR agent versions prior to 6.1.9 Cortex XDR agent versions prior to 7.2.4 Cortex XDR agent versions prior to 7.3.2 **Description** An untrusted search path issue exists in the Palo Alto Networks Cortex XDR agent, allowing a local attacker with file creation privilege in the Windows root directory to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. **Recommendations** For versions prior to 5.0.12, update to version 5.0.12 or later. For versions prior to 6.1.9, update to version 6.1.9 or later. For versions prior to 7.2.4, update to version 7.2.4 or later. For versions prior to 7.3.2, update to version 7.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Cortex XDR agent versions prior to 5.0.11 Palo Alto Networks Cortex XDR agent versions prior to 6.1.8 Palo Alto Networks Cortex XDR agent versions prior to 7.2.3 Palo Alto Networks Cortex XDR agent 7.2 without content update release 171 or later **Description** A local privilege escalation issue exists in the Palo Alto Networks Cortex XDR agent on Windows platforms, allowing an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. **Recommendations** For Cortex XDR agent versions prior to 5.0.11, update to version 5.0.11 or later. For Cortex XDR agent versions prior to 6.1.8, update to version 6.1.8 or later. For Cortex XDR agent versions prior to 7.2.3, update to version 7.2.3 or later. For Cortex XDR agent 7.2, apply content update release 171 or a later version.