CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
|Cortex XDR Agent 8.1||None||All|
|Cortex XDR Agent 8.0||< 8.0.2 on Windows||>= 8.0.2 with CU-1000 or a later content update on Windows|
|Cortex XDR Agent 7.9-CE||< 7.9.101-CE on Windows||>= 7.9.101-CE with CU-1000 or a later content update on Windows|
|Cortex XDR Agent 7.9||< 7.9.3 on Windows||>= 7.9.3 with CU-1000 or a later content update on Windows|
|Cortex XDR Agent 7.5-CE||All on Windows|
|Cortex XDR Agent 5.0||All on Windows|
CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions on Windows when the agent has content update 1000 or a later content update version.