CVE-2024-5909

MEDIUM

Cortex XDR Agent 7.9-7.9.101 and 8.1-8.1.1 - Local Privilege Escalation via Agent Disabling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-5909. PoCs published by ig-labs.

AI-analyzed exploit summary This PoC demonstrates a denial-of-service (DoS) vulnerability in Windows EDR agents by registering an ALPC port before the EDR initializes, causing the EDR's user-mode components to crash. The exploit requires a system reboot and low-privileged user access to execute.

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

Exploits (1)

nomisec WORKING POC 33 stars
by ig-labs · poc
https://github.com/ig-labs/EDR-ALPC-Block-POC

This PoC demonstrates a denial-of-service (DoS) vulnerability in Windows EDR agents by registering an ALPC port before the EDR initializes, causing the EDR's user-mode components to crash. The exploit requires a system reboot and low-privileged user access to execute.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Windows EDR agents (e.g., Palo Alto Networks Cortex)
No auth needed
Prerequisites: Low-privileged user access · System reboot · Early startup execution (e.g., scheduled task)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://security.paloaltonetworks.com/CVE-2024-5909

Scores

CVSS v3 5.5
EPSS 0.0041
EPSS Percentile 32.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-269
Status published
Products (2)
paloaltonetworks/cortex_xdr_agent 7.9 - 7.9.102
paloaltonetworks/cortex_xdr_agent 8.1 - 8.1.2
Published Jun 12, 2024
Tracked Since Feb 18, 2026