CVE-2024-5905

MEDIUM

Paloaltonetworks Cortex Xdr Agent < 7.9.102 - Origin Validation Error

Title source: rule

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2024-5905

Scores

CVSS v3 4.4

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-346

Status published

Products (2)

paloaltonetworks/cortex_xdr_agent 7.9.0 - 7.9.102

paloaltonetworks/cortex_xdr_agent 8.1 - 8.1.2

Published Jun 12, 2024

Tracked Since Feb 18, 2026