CVE-2023-0001

Cortex XDR Agent: Cleartext Exposure of Agent Admin Password

CVSS 6 MEDIUMEPSS 0.2%CWE-319

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Feb 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Affected products

Palo Alto Networks · Cortex XDR agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.paloaltonetworks.com/CVE-2023-0001