Insecure DLL loading in Cortex XDR Agent for Windows - CVE-2021-3041

 

Insecure DLL loading in Cortex XDR Agent for Windows - CVE-2021-3041

Published: June 9, 2021


Vulnerability identifier: #VU53997
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3041
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Cortex XDR Agent for Windows

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user with privileges to create files in the Windows root directory or to manipulate key registry values and execute arbitrary code on the system with SYSTEM privileges.


How to mitigate CVE-2021-3041

Install updates from vendor's website.

Sources