Privilege escalation in Cortex XDR Agent

Published: 2021-06-09
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-3041
Exploitation vector Local
Public exploit N/A
Vulnerable software
Cortex XDR Agent for Windows
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Palo Alto Networks, Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Insecure DLL loading

EUVDB-ID: #VU53997

Risk: Low


CVE-ID: CVE-2021-3041

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user with privileges to create files in the Windows root directory or to manipulate key registry values and execute arbitrary code on the system with SYSTEM privileges.


Install updates from vendor's website.

Vulnerable software versions

Cortex XDR Agent for Windows: 5.0.0 - 7.2.2

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?