This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Is CVE-2021-4034 covered by Cortex XDR?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is CVE-2021-4034 covered by Cortex XDR?

fhu_omi
L1 Bithead

‎01-26-2022 07:35 AM - edited ‎01-26-2022 07:35 AM

Hi,

 

does anyone know if the vulnerability CVE-2021-4034 is covered by Cortex XDR Prevent or Pro?

Source: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation...

 

Kind regards

FH

2 people had this problem.
5 REPLIES 5

etugriceri
L3 Networker

‎01-26-2022 08:34 AM

Dear fhu_omi

 

There is no content update specifically for CVE-2021-4034 yet but this does not mean that you'll be unprotected. Cortex XDR focuses TTP's and unknowns and You'll be protected by BTP module. 

0 Likes Likes

fhu_omi
L1 Bithead
In response to etugriceri

‎01-30-2022 11:30 PM

Dear @etugriceri 

I will test it, then we will see if there existing modules will cover this pointer vulnerability. There is a test program out now: https://pythonrepo.com/repo/kimusan-pkwner

Luc_Desaulniers
L2 Linker
In response to fhu_omi

‎02-02-2022 09:23 AM

Hello @fhu_omi, did you get a chance to run some tests?

I ran a test on a test environment with XDR pro enabled and the exploit was allowed to execute without tripping anything on Cortex side initially. I did get a wildfire post detection a few hours later.

 

I'd like to hear others feedback for this one.

 

Thanks

0 Likes Likes

PeteJacobCF
L3 Networker

‎02-03-2022 01:25 PM

what version and content release is your asset on?

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks