CVE-2024-5912: 
Cortex XDR vulnerability analysis and mitigation

An improper file signature check vulnerability was identified in Palo Alto Networks Cortex XDR agent, tracked as CVE-2024-5912. The vulnerability was discovered by the Cyber Defence Center of BITMARCK, specifically Maximilan Pappert, and was disclosed on July 10, 2024. This security flaw affects multiple versions of the Cortex XDR agent, including versions 8.2, 7.9-CE, and earlier releases (Palo Alto Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 6.8 (MEDIUM), with attack vector being local (AV:L), low attack complexity (AC:L), and requiring low privileges (PR:L). The vulnerability specifically impacts the product's integrity (VI:H) while not affecting confidentiality or availability. The technical nature of the flaw involves improper verification of cryptographic signatures (CWE-347), which could allow bypass of executable blocking capabilities (NVD, Palo Alto Advisory).

The vulnerability enables an attacker to bypass the Cortex XDR agent's executable blocking capabilities, allowing the execution of untrusted executables on the affected device. This bypass can be leveraged to run untrusted software without being detected or blocked by the security system (Palo Alto Advisory).

Palo Alto Networks has released fixes for this vulnerability in multiple versions: Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.2, and all later versions. Users are advised to upgrade to these patched versions to mitigate the vulnerability (Palo Alto Advisory).