Cortex Xdr Agent
Approved changes feed: RSS · Atom
cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Palo Alto Networks (b3fb2ed8-9543-594b-b76a-18c6d89c012d) |
|---|---|
| Product | Cortex Xdr Agent (d99002a3-7c90-5f40-93f6-4fd42b14be58) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-0232 |
not_vulnerable | 2026-06-03 15:14:40.924074 |
Cortex XDR Agent: Local Administrator can disable the agent on Windows
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
Published: 2026-04-13T07:22:48.325Z
Updated: 2026-04-13T13:27:43.511Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8690 |
not_vulnerable | 2026-06-03 14:58:19.161872 |
Cortex XDR Agent: Local Windows Administrator Can Disable the Agent
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Published: 2024-09-11T16:42:39.974Z
Updated: 2024-09-11T18:24:05.107Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5912 |
not_vulnerable | 2026-06-03 14:57:54.556267 |
Cortex XDR Agent: Improper File Signature Verification Checks
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.
Published: 2024-07-10T18:40:16.240Z
Updated: 2024-08-01T21:25:03.178Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5909 |
not_vulnerable | 2026-06-03 14:57:54.546124 |
Cortex XDR Agent: Local Windows User Can Disable the Agent
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
Published: 2024-06-12T16:29:23.822Z
Updated: 2024-08-01T21:25:03.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5907 |
vulnerable | 2026-06-03 14:57:54.535619 |
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
Published: 2024-06-12T16:26:39.742Z
Updated: 2024-08-01T21:25:03.047Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5905 |
vulnerable | 2026-06-03 14:57:54.529998 |
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability.
Published: 2024-06-12T16:20:35.039Z
Updated: 2024-08-01T21:25:03.270Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3280 |
vulnerable | 2026-06-03 14:52:40.354233 |
Cortex XDR Agent: Local Windows User Can Disable the Agent
MEDIUM (5.5)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
Published: 2023-09-13T16:13:29.266Z
Updated: 2024-09-25T17:48:34.264Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0002 |
not_vulnerable | 2026-06-03 14:48:45.259215 |
Cortex XDR Agent: Product Disruption by Local Windows User
MEDIUM (5.5)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
Published: 2023-02-08T17:21:47.711Z
Updated: 2025-03-25T13:57:01.294Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0001 |
not_vulnerable | 2026-06-03 14:48:45.257224 |
Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
MEDIUM (6)
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
Published: 2023-02-08T17:20:20.774Z
Updated: 2024-08-02T04:54:32.569Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0029 |
not_vulnerable | 2026-06-03 14:45:55.379982 |
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
MEDIUM (5.5)
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
Published: 2022-09-14T16:35:08.910Z
Updated: 2025-06-04T15:08:32.763Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0029 |
vulnerable | 2026-06-03 14:45:55.379935 |
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File
MEDIUM (5.5)
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
Published: 2022-09-14T16:35:08.910Z
Updated: 2025-06-04T15:08:32.763Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0026 |
vulnerable | 2026-06-03 14:45:55.343655 |
Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability
MEDIUM (6.7)
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
Published: 2022-05-11T16:30:25.746Z
Updated: 2024-09-17T01:26:10.764Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0025 |
not_vulnerable | 2026-06-03 14:45:55.342929 |
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
MEDIUM (6.7)
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.
Published: 2022-05-11T16:30:24.228Z
Updated: 2024-09-17T02:42:23.753Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0025 |
vulnerable | 2026-06-03 14:45:55.342892 |
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
MEDIUM (6.7)
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent.
Published: 2022-05-11T16:30:24.228Z
Updated: 2024-09-17T02:42:23.753Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0015 |
not_vulnerable | 2026-06-03 14:45:55.325889 |
Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
HIGH (7.8)
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9.
Published: 2022-01-12T17:30:20.503Z
Updated: 2024-09-17T02:51:40.031Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0014 |
not_vulnerable | 2026-06-03 14:45:55.325360 |
Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
MEDIUM (6.7)
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
Published: 2022-01-12T17:30:18.718Z
Updated: 2024-09-16T23:00:50.618Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0013 |
not_vulnerable | 2026-06-03 14:45:55.324851 |
Cortex XDR Agent: File Information Exposure Vulnerability When Generating Support File
MEDIUM (5)
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
Published: 2022-01-12T17:30:17.158Z
Updated: 2024-09-16T17:58:02.852Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0012 |
not_vulnerable | 2026-06-03 14:45:55.323044 |
Cortex XDR Agent: Local Arbitrary File Deletion Vulnerability
MEDIUM (6.1)
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
Published: 2022-01-12T17:30:15.528Z
Updated: 2024-09-17T01:55:48.198Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3042 |
vulnerable | 2026-06-03 14:45:10.019074 |
Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
HIGH (7.8)
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.
Published: 2021-07-15T16:45:12.285Z
Updated: 2024-09-17T04:18:46.587Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3042 |
not_vulnerable | 2026-06-03 14:45:10.019032 |
Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
HIGH (7.8)
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.
Published: 2021-07-15T16:45:12.285Z
Updated: 2024-09-17T04:18:46.587Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3041 |
vulnerable | 2026-06-03 14:45:10.017969 |
Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
HIGH (7.8)
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version.
Published: 2021-06-10T12:33:06.552Z
Updated: 2024-09-16T22:01:54.695Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2049 |
not_vulnerable | 2026-06-03 14:42:29.859368 |
Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
HIGH (7.8)
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.
Published: 2020-12-09T18:00:14.602Z
Updated: 2024-09-17T02:53:03.084Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2020 |
vulnerable | 2026-06-03 14:42:29.841875 |
Cortex XDR Agent: Exceptional condition denial-of-service (DoS)
MEDIUM (5.5)
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.
Published: 2020-12-09T18:00:14.069Z
Updated: 2024-09-16T20:17:18.893Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.