CVE-2021-3042
7.8 HIGHA local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an au...
Published: 2021-07-15 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-427
Affected products
| Vendor | Product |
|---|---|
| paloaltonetworks | cortex_xdr_agent |
Description
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3042
- [Vendor advisory]https://security.paloaltonetworks.com/CVE-2021-3042
- [Vendor advisory]https://security.paloaltonetworks.com/CVE-2021-3042
Related CVEs
Same vendor
- CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)
- CVE-2025-0130 — A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to... (7.5 HIGH)
- CVE-2021-3057 — A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker ... (8.1 HIGH)
- CVE-2021-3055 — An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an au... (6.5 MEDIUM)
- CVE-2021-3054 — A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authentica... (7.2 HIGH)
Same CWE
- CVE-2026-12003 — To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build...
- CVE-2024-22451 — Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability (6.7 MEDIUM)
- CVE-2024-22447 — Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability (6.7 MEDIUM)
- CVE-2026-5064 — Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow ...
- CVE-2026-50100 — Multiple printer drivers provided by Ricoh Company, Ltd (7.8 HIGH)