Palo Alto Networks Cortex XDR AgentÍâµØÌáȨÎó²î£¨CVE-2021-3041£©

Ðû²¼Ê±¼ä 2021-06-10

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2021-3041

ʱ    ¼ä

2021-06-10

Àà    ÐÍ

LPE

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

·ñ

Ó°Ïì¹æÄ£


¹¥»÷ÖØƯºó

µÍ

¿ÉÓÃÐÔ

¸ß

Óû§½»»¥

ÎÞ

ËùÐèȨÏÞ

µÍ

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

image.png

Palo Alto Networks Cortex XDR AgentÊÇPalo Alto Networks¹«Ë¾µÄÒ»¸öÓÃÓÚ¼ì²â¿Í»§¶Ë×°±¸Çå¾²ÐԵĿͻ§¶ËÈí¼þ¡£¡£¡£

2021Äê06ÔÂ09ÈÕ£¬£¬£¬£¬£¬Palo Alto NetworksÐû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬¹ûÕæÁËWindows ƽ̨ÉÏCortex XDR AgentÖеÄÒ»¸öÍâµØȨÏÞÌáÉýÎó²î£¨CVE-2021-3041£©£¬£¬£¬£¬£¬¾­ÓÉÈÏÖ¤µÄÍâµØ¹¥»÷ÕßÄܹ»Ê¹ÓôËÎó²îÒÔSYSTEMȨÏÞÖ´ÐгÌÐò£¬£¬£¬£¬£¬µ«Ê¹ÓôËÎó²îÐèÒªÓµÓÐÔÚWindows¸ùĿ¼Ï½¨ÉèÎļþ»ò²Ù×÷×¢²á±íµÄȨÏÞ¡£¡£¡£

 

Ó°Ïì¹æÄ£

Cortex XDR Agent < 5.0.11

Cortex XDR Agent < 6.1.8

Cortex XDR Agent < 7.2.3 »ò ûÓÐÄÚÈݸüе½171»ò¸ü¸ß°æ±¾µÄ

 

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ´ËÎó²îÒѾ­ÐÞ¸´£¬£¬£¬£¬£¬½¨ÒéʵʱÉý¼¶¸üÐÂÖ®ÒÔÏ°汾:

Cortex XDR Agent >= 7.2.3 »ò ÄÚÈݸüе½171 »ò¸ü¸ß°æ±¾

Cortex XDR Agent >= 6.1.8

Cortex XDR Agent >= 5.0.11

 

ÏÂÔØÁ´½Ó£º

https://support.paloaltonetworks.com/support

»º½â²½·¥£º

×èÖ¹ÍâµØ¾­ÓÉÉí·ÝÑéÖ¤µÄ Windows Óû§ÔÚ Windows ¸ùĿ¼£¨Èç C:\£©Öн¨ÉèÎļþ²¢Õ¥È¡Æä²Ù×÷ Windows ×¢²á±í¡£¡£¡£

 

 

0x03 ²Î¿¼Á´½Ó

https://security.paloaltonetworks.com/CVE-2021-3041

https://nvd.nist.gov/vuln/detail/CVE-2021-3041

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3041

 

0x04 ʱ¼äÏß

2021-06-09  Palo Alto NetworksÐû²¼Ç徲ͨ¸æ

2021-06-10  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png