CVE-2023-3280: CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent

Palo Alto Networks Security Advisories / CVE-2023-3280

Attack Vector LOCAL

Scope UNCHANGED

Attack Complexity LOW

Confidentiality Impact NONE

Privileges Required LOW

Integrity Impact NONE

User Interaction NONE

Availability Impact HIGH

NVD JSON

Published 2023-09-13

Updated 2023-09-13

Reference CPATR-19884

Discovered externally

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.

Product Status

Versions

Affected

Unaffected

Cortex XDR Agent 8.1

None

All

Cortex XDR Agent 8.0

< 8.0.2 on Windows

>= 8.0.2

Cortex XDR Agent 7.9-CE

< 7.9.101-CE on Windows

>= 7.9.101-CE

Cortex XDR Agent 7.9

< 7.9.3 on Windows

>= 7.9.3

Cortex XDR Agent 7.5-CE

All on Windows

Cortex XDR Agent 5.0

All on Windows

Severity:MEDIUM

CVSSv3.1 Base Score:5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-755 Improper Handling of Exceptional Conditions

Solution

This issue is fixed in Cortex XDR agent 7.9.101-CE, Cortex XDR agent 7.9.3, Cortex XDR agent 8.0.2, and all later Cortex XDR agent versions.

Acknowledgments

Palo Alto Networks thanks Manuel Feifel of InfoGuard AG for discovering and reporting this issue.

Timeline

2023-09-13 Initial publication