Palo Alto Networks Security Advisories / CVE-2024-5905

CVE-2024-5905 Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent

Severity 2 · LOW
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity HIGH
Attack Requirements NONE
Automatable YES
User Interaction NONE
Product Confidentiality NONE
Product Integrity LOW
Product Availability LOW
Privileges Required LOW
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE


A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.

Product Status

Cortex XDR Agent 8.4NoneAll
Cortex XDR Agent 8.3NoneAll
Cortex XDR Agent 8.2< 8.2.1 on Windows>= 8.2.1 on Windows
Cortex XDR Agent 8.1< 8.1.2 on Windows>= 8.1.2 on Windows
Cortex XDR Agent 7.9-CE< 7.9.102-CE on Windows>= 7.9.102-CE on Windows

Severity: LOW

CVSSv4.0 Base Score: 2 (CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-346 Origin Validation Error


This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.


Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.