| 4.3 | CVE-2025-0121
Cortex XDR Agent: Local Windows User Can Crash the Agent | Cortex XDR Agent 8.7 Cortex XDR Agent 8.6 Cortex XDR Agent 8.5 Cortex XDR Agent 8.3-CE Cortex XDR Agent 7.9-CE | None on Windows < 8.6.1 on Windows < 8.5.2 on Windows < 8.3.101-CE HF on Windows < 7.9.103-CE HF on Windows | All on Windows >= 8.6.1 on Windows >= 8.5.2 on Windows >= 8.3.101-CE HF on Windows >= 7.9.103-CE HF on Windows | 2025-04-09 | 2025-04-09 |
| 4.3 | CVE-2025-0112
Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.6 Cortex XDR Agent 8.5 Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE | None on Windows < 8.5.1 on Windows All on Windows * < 8.3.101-CE on Windows | All on Windows >= 8.5.1 on Windows None on Windows * >= 8.3.101-CE on Windows | 2025-02-12 | 2025-02-12 |
| i | PAN-SA-2024-0014
Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent | | | | 2024-11-07 | 2024-11-07 |
| 5.7 | CVE-2024-9469
Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.6 Cortex XDR Agent 8.5 Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE Cortex XDR Agent 8.3 Cortex XDR Agent 7.9-CE | None None < 8.4.1 on Windows None < 8.3.1 on Windows < 7.9.102-CE on Windows | All All >= 8.4.1 on Windows All >= 8.3.1 on Windows >= 7.9.102-CE on Windows | 2024-10-09 | 2024-10-09 |
| i | CVE-2024-47076
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products | Cloud NGFW Cortex XDR Cortex XDR Agent Cortex XSIAM Cortex XSOAR GlobalProtect App PAN-OS Prisma Access Prisma Access Browser Prisma Cloud Prisma Cloud Compute Prisma SD-WAN | None None None None None None None None None None None None | All All All All All All All All All All All All | 2024-09-26 | 2024-09-26 |
| 5.6 | CVE-2024-8690
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent | Cortex XDR Agent 8.5 Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 7.9.102-CE | | | 2024-09-11 | 2024-09-11 |
| i | CVE-2024-5535
Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119 | | | | 2024-08-22 | 2024-09-04 |
| 6.8 | CVE-2024-5912
Cortex XDR Agent: Improper File Signature Verification Checks | Cortex XDR Agent 8.5 Cortex XDR Agent 8.4 Cortex XDR Agent 8.3-CE Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 7.9-CE | None None None None < 8.2.2 < 7.9.102-CE | All All All All >= 8.2.2 >= 7.9.102-CE | 2024-07-10 | 2024-07-10 |
| 6.8 | CVE-2024-5909
Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 7.9-CE | None None < 8.2.1 on Windows < 8.1.2 on Windows < 7.9.102-CE on Windows | All All >= 8.2.1 on Windows >= 8.1.2 on Windows >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
| 2 | CVE-2024-5905
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 7.9-CE | None None < 8.2.1 on Windows < 8.1.2 on Windows < 7.9.102-CE on Windows | All All >= 8.2.1 on Windows >= 8.1.2 on Windows >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
| 5.2 | CVE-2024-5907
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 7.9-CE | None < 8.3.1 on Windows < 8.2.3 on Windows All < 7.9.102-CE on Windows | All >= 8.3.1 on Windows >= 8.2.3 on Windows None >= 7.9.102-CE on Windows | 2024-06-12 | 2024-06-12 |
| i | PAN-SA-2024-0005
Informational Bulletin: Proof of Concept (PoC) Bypasses Protection Modules in Cortex XDR Agent | Cortex XDR Agent 8.4 Cortex XDR Agent 8.3 Cortex XDR Agent 8.2 Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9 Cortex XDR Agent 5.0 | < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows < Agents with content update earlier than CU-1320 on Windows All agents on Windows | >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows >= Agents with CU-1320 or a later content update on Windows None | 2024-04-24 | 2024-04-24 |
| i | CVE-2024-3094
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094) | | | | 2024-04-01 | 2024-04-01 |
| 0 | CVE-2023-38545
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546) | | | | 2023-10-12 | 2023-10-31 |
| 0 | CVE-2023-44487
Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) | | | | 2023-10-11 | 2023-10-25 |
| 5.5 | CVE-2023-3280
Cortex XDR Agent: Local Windows User Can Disable the Agent | Cortex XDR Agent 8.1 Cortex XDR Agent 8.0 Cortex XDR Agent 7.9-CE Cortex XDR Agent 7.9 Cortex XDR Agent 7.5-CE Cortex XDR Agent 5.0 | None < 8.0.2 on Windows < 7.9.101-CE on Windows < 7.9.3 on Windows All on Windows All on Windows | All >= 8.0.2 with CU-1000 or a later content update on Windows >= 7.9.101-CE with CU-1000 or a later content update on Windows >= 7.9.3 with CU-1000 or a later content update on Windows None on Windows None on Windows | 2023-09-13 | 2023-09-22 |
| i | PAN-SA-2023-0003
Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) | | | | 2023-06-16 | 2023-06-20 |
| i | PAN-SA-2023-0002
Informational Bulletin: Impact of Rorschach Ransomware | Cortex XDR Agent 5.0 Cortex XDR Agent 7.5 CE Cortex XDR Agent 7.8 Cortex XDR Agent 7.9 CE Cortex XDR Agent 8.0 | All agents on Windows All agents on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows < Agents with content update earlier than CU-240 on Windows | None None >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows >= Agents with CU-240 or a later content update on Windows | 2023-04-04 | 2023-04-12 |
| 0 | PAN-SA-2023-0001
Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 | | | | 2023-02-08 | 2023-02-08 |
| 5.5 | CVE-2023-0002
Cortex XDR Agent: Product Disruption by Local Windows User | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | None None < 7.5.101-CE on Windows < 5.0.12.22203 on Windows | All All >= 7.5.101-CE on Windows >= 5.0.12.22203 on Windows | 2023-02-08 | 2023-02-08 |
| 6 | CVE-2023-0001
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password | Cortex XDR Agent 7.9 Cortex XDR Agent 7.8 Cortex XDR Agent 7.5 Cortex XDR Agent 5.0 | None None < 7.5.101-CE on Windows None | All All >= 7.5.101-CE on Windows All | 2023-02-08 | 2023-02-08 |
| 0 | PAN-SA-2022-0007
Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 | | | | 2022-12-23 | 2022-12-23 |
| 0 | CVE-2022-42889
Impact of Apache Text Commons Vulnerability CVE-2022-42889 | | | | 2022-11-09 | 2022-11-09 |
| 0 | PAN-SA-2022-0006
Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 | | | | 2022-10-31 | 2022-11-09 |
| i | PAN-SA-2022-0005
Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator | | All agents with a content update earlier than CU-860 on Windows | All agents with CU-860 or a later content update | 2022-09-14 | 2023-03-08 |