CVE-2024-8690: 
Cortex XDR vulnerability analysis and mitigation

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue was discovered by Ayman Sagy of CyberCX and disclosed on September 11, 2024. The vulnerability affects Cortex XDR Agent version 7.9.102-CE on Windows systems (Palo Alto Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 5.6 (MEDIUM) with the following vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:L/AU:N/R:U/V:D/RE:M/U:Amber. The issue is classified as CWE-440: Expected Behavior Violation. The vulnerability requires local access and high privileges to exploit, with no user interaction needed (Palo Alto Advisory, NVD).

If exploited, this vulnerability could allow malware to disable the Cortex XDR agent and subsequently perform malicious activity without detection. The vulnerability primarily affects the integrity of the system's security controls (Palo Alto Advisory).

This vulnerability has been fixed in Cortex XDR Agent 8.2 and all later versions. Users are advised to upgrade to a patched version to mitigate the risk (Palo Alto Advisory).