Palo Alto Networks (Cortex XDR Agent, GlobalProtect App, Prisma Cloud Compute) Family June 2024 Security Update Advisory

Overview

 

Palo Alto Networks (https://www.paloaltonetworks.com/) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Cortex XDR Agent X

Cortex XDR Agent X

Cortex XDR Agent prior to version 8.2.1

Cortex XDR Agent prior to version 8.1.2

Cortex XDR Agent prior to version 7.9.102-CE

GlobalProtect App prior to version 6.2.3

GlobalProtect App prior to version 6.1.3

GlobalProtect App prior to version 6.0.8

GlobalProtect App prior to version 5.1.12

Cortex XDR Agent X

Cortex XDR Agent prior to version 8.3.1

Cortex XDR Agent prior to version 8.2.3

Cortex XDR Agent All

Cortex XDR Agent prior to version 7.9.102-CE

Prisma Cloud Compute prior to version 32.05 (O’Neal – Update 5)

 

Resolved Vulnerabilities

 

A vulnerability in Cortex XDR Agent that allows local Windows users with low privileges to disable the agent (CVE-2024-5909, CVSS 6.8) [1]

A vulnerability in GlobalProtect App that can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs (CVE-2024-5908, CVSS 5.5) [2]

Vulnerability in Cortex XDR Agent that could allow local users to execute a program with elevated privileges (CVE-2024-5907, CVSS 5.2) [3]

A stored cross-site scripting (XSS) vulnerability in Prisma Cloud Compute in which a JavaScript payload can be stored using the web interface (CVE-2024-5906, CVSS 4.8) [4]

 

Vulnerability Patches

 

The June 12, 2024 update provided the following product-specific vulnerability patches.

Cortex XDR Agent All.

Cortex XDR Agent All

Cortex XDR Agent 8.2.1 or later versions

Cortex XDR Agent 8.1.2 or later versions

Cortex XDR Agent 7.9.102-CE or later versions

GlobalProtect App 6.2.3 or later versions

GlobalProtect App 6.1.3 or later versions

GlobalProtect App 6.0.8 or later versions

GlobalProtect App 5.1.12 or later versions

Cortex XDR Agent All

Cortex XDR Agent 8.3.1 or later versions

Cortex XDR Agent 8.2.3 or later versions

Cortex XDR Agent X

Cortex XDR Agent 7.9.102-CE or later versions

Prisma Cloud Compute 32.05 (O’Neal – Update 5) or later versions

 

Referenced Sites

 

[1] Cortex XDR Agent: Local Windows User Can Disable the Agent

https://security.paloaltonetworks.com/CVE-2024-5909

[2] GlobalProtect App: Encrypted Credential Exposure via Log Files

https://security.paloaltonetworks.com/CVE-2024-5908

[3] Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability

https://security.paloaltonetworks.com/CVE-2024-5907

[4] Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

https://security.paloaltonetworks.com/CVE-2024-5906