VDB
CVE-2024-5912
CVE-2024-5912
PUBLISHED
CVSS 6.800000190734863 MEDIUM
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.
EPSS 0.01% · 2.2th percentile
Risk Scores
CVSS v4.0
6.800000190734863
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber
EPSS Score
0.01%
2.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | 8.4, 8.3-CE, 8.3 |
Timeline
- Jul 10, 2024 CVE Published
- Jul 11, 2024 EPSS Score
- Jul 12, 2024 PoC Published
- Aug 1, 2024 CVE Updated
- Aug 2, 2024 EPSS Score
- Aug 24, 2024 EPSS Score
- Sep 15, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 7, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
- Nov 20, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
References
- https://security.paloaltonetworks.com/CVE-2024-5910 advisory
- https://security.paloaltonetworks.com/CVE-2024-3596 advisory
- https://security.paloaltonetworks.com/PAN-SA-2024-0006 advisory
- https://security.paloaltonetworks.com/CVE-2024-5912 advisory
- https://security.paloaltonetworks.com/CVE-2024-5913 advisory
- https://security.paloaltonetworks.com/CVE-2024-5911 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-5912 advisory