Palo Alto Networks Cortex XDR Agent could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path element flaw. By using a specially-crafted file, an authenticated attacker could exploit this vulnerability to execute arbitrary programs with elevated privileges.
Palo Alto Networks PAN-OS could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious configuration file, which could allow the attacker to execute arbitrary code with root privileges on the system.
Refer to Palo Alto Networks Security Advisories for patch, upgrade or suggested workaround information.