Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3041— Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation

CVSS 7.8 · High EPSS 0.03% · P10
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3041

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Palo Alto Networks Cortex XDR Agent 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Palo Alto Networks Cortex XDR Agent是马来西亚Palo Alto Networks公司的一个用于检测客户端设备安全性的客户端软件。 Cortex XDR Agent 存在代码问题漏洞,该漏洞源于应用程序以不安全的方式加载DLL库。本地用户,具有在Windows根目录中创建文件的特权,或具有system特权操作键注册表值并在系统上执行任意代码的特权。攻击者可利用该漏洞允许本地用户升级对系统的特权。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Palo Alto NetworksCortex XDR Agent 5.0 ~ 5.0.11 -

II. Public POCs for CVE-2021-3041

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-3041

登录查看更多情报信息。

Same Patch Batch · Palo Alto Networks · 2021-06-10 · 3 CVEs total

CVE-2021-30406.7 MEDIUMBridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
CVE-2021-30393.8 LOWPrisma Cloud Compute: User role authorization secret for Console leaked through log file e

IV. Related Vulnerabilities

Same product: Cortex XDR Agent
Same vendor: Palo Alto Networks
Same weakness: CWE-427

V. Comments for CVE-2021-3041

No comments yet

Leave a comment