CVE-2023-0001 MEDIUM

CVE-2023-0001: Cortex XDR Agent: Cleartext Exposure of Agent Admin Password

Vendor: Palo Alto Networks
Product: Cortex XDR agent
Weakness: CWE-319 · Cleartext transmission
Published: February 8, 2023
Last update: August 2, 2024

CVSS base score

6.0/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01 Description

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

Key dates

02 Disclosure timeline

February 8, 2023: CVE published
August 2, 2024: Record updated