PT-2021-18727 · Palo Alto Networks · Cortex Xdr Agent
Robert Mccallum
·
Published
2021-06-10
·
Updated
2021-06-23
·
CVE-2021-3041
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks Cortex XDR agent versions prior to 5.0.11
Palo Alto Networks Cortex XDR agent versions prior to 6.1.8
Palo Alto Networks Cortex XDR agent versions prior to 7.2.3
Palo Alto Networks Cortex XDR agent 7.2 without content update release 171 or later
Description
A local privilege escalation issue exists in the Palo Alto Networks Cortex XDR agent on Windows platforms, allowing an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values.
Recommendations
For Cortex XDR agent versions prior to 5.0.11, update to version 5.0.11 or later.
For Cortex XDR agent versions prior to 6.1.8, update to version 6.1.8 or later.
For Cortex XDR agent versions prior to 7.2.3, update to version 7.2.3 or later.
For Cortex XDR agent 7.2, apply content update release 171 or a later version.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cortex Xdr Agent