{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5912","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","state":"PUBLISHED","assignerShortName":"palo_alto","dateReserved":"2024-06-12T15:27:56.188Z","datePublished":"2024-07-10T18:40:16.240Z","dateUpdated":"2024-08-01T21:25:03.178Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Cortex XDR Agent","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"8.4","versionType":"custom"},{"status":"unaffected","version":"8.3-CE","versionType":"custom"},{"status":"unaffected","version":"8.3","versionType":"custom"},{"changes":[{"at":"7.9.102-CE","status":"unaffected"}],"lessThan":"7.9.102-CE","status":"affected","version":"7.9-CE","versionType":"custom"},{"changes":[{"at":"8.2.2","status":"unaffected"}],"lessThan":"8.2.2","status":"affected","version":"8.2","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue."}],"datePublic":"2024-07-10T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."}],"value":"An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-554","descriptions":[{"lang":"en","value":"CAPEC-554 Functionality Bypass"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":6.8,"baseSeverity":"MEDIUM","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"CONCENTRATED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-347","description":"CWE-347 Improper Verification of Cryptographic Signature","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-07-10T18:40:16.240Z"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2024-5912"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.<br>"}],"value":"This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions."}],"source":{"defect":["CPATR-22565"],"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2024-07-10T16:00:00.000Z","value":"Initial publication"}],"title":"Cortex XDR Agent: Improper File Signature Verification Checks","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-11T14:37:27.359741Z","id":"CVE-2024-5912","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-11T14:37:33.165Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:25:03.178Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://security.paloaltonetworks.com/CVE-2024-5912"}]}]}}