CVE-2024-5912

An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-5912

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-10 19:15

Updated : 2024-07-11 13:05

NVD link : CVE-2024-5912

Mitre link : CVE-2024-5912

CVE.ORG link : CVE-2024-5912

JSON object : View

Products Affected

No product.

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2024-5912", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 6.8, "automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-10T19:15:11.697", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5912", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."}, {"lang": "es", "value": "Una verificaci\u00f3n incorrecta de la firma del archivo en el agente Cortex XDR de Palo Alto Networks puede permitir a un atacante omitir las capacidades de bloqueo de ejecutables del agente Cortex XDR y ejecutar ejecutables que no son de confianza en el dispositivo. Este problema se puede aprovechar para ejecutar software que no es de confianza sin ser detectado ni bloqueado."}], "lastModified": "2024-07-11T13:05:54.930", "sourceIdentifier": "psirt@paloaltonetworks.com"}

CVE-2024-5912

JSON object

Attach tags to CVE-2024-5912

Attach tags to `CVE-2024-5912`