Is CVE-2024-5909 actively exploited?

CVE-2024-5909 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2024-5909?

CVE-2024-5909 has a CVSS score of 6.8 (MEDIUM severity). Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber.

How do I patch CVE-2024-5909?

Patch guidance is available from paloaltonetworks security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-5909.

CVE-2024-5909 - remediation guidance & executive summary

Q: Which products are affected by CVE-2024-5909?

3 products: paloaltonetworks cortex xdr agent, paloaltonetworks cortex xdr agent, paloaltonetworks cortex xdr agent.

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

CVSS Metrics

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Confidentiality: undefined
Integrity: undefined
Availability: undefined
Weaknesses: CWE-269 · Improper Privilege Management CWE-269 · Improper Privilege Management

Metadata

Primary Vendor: PALOALTONETWORKS
Published: 6/12/2024
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

paloaltonetworks : cortex_xdr_agentpaloaltonetworks : cortex_xdr_agentpaloaltonetworks : cortex_xdr_agent

Remediation Guidance

Executive Summary

View on NIST NVD