{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-8690","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","state":"PUBLISHED","assignerShortName":"palo_alto","dateReserved":"2024-09-11T08:21:15.662Z","datePublished":"2024-09-11T16:42:39.974Z","dateUpdated":"2024-09-11T18:24:05.107Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Cortex XDR Agent","vendor":"Palo Alto Networks","versions":[{"status":"unaffected","version":"8.5"},{"status":"unaffected","version":"8.4"},{"status":"unaffected","version":"8.3"},{"status":"unaffected","version":"8.3-CE"},{"status":"unaffected","version":"8.2"},{"status":"affected","version":"7.9.102-CE"}]}],"credits":[{"lang":"en","type":"finder","value":"Ayman Sagy of CyberCX"}],"datePublic":"2024-09-11T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}],"value":"A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-554","descriptions":[{"lang":"en","value":"CAPEC-554 Functionality Bypass"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"LOCAL","baseScore":5.6,"baseSeverity":"MEDIUM","privilegesRequired":"HIGH","providerUrgency":"AMBER","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-440","description":"CWE-440: Expected Behavior Violation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-09-11T16:42:39.974Z"},"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-8690"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.<br>"}],"value":"This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."}],"source":{"defect":["CPATR-20644"],"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2024-09-11T16:00:00.000Z","value":"Initial publication"}],"title":"Cortex XDR Agent: Local Windows Administrator Can Disable the Agent","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-11T18:23:32.709813Z","id":"CVE-2024-8690","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T18:24:05.107Z"}}]}}