Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2023-0002 CVE-2023-0001 |
CWE-ID | CWE-254 CWE-312 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Cortex XDR Agent for Windows Client/Desktop applications / Antivirus software/Personal firewalls |
Vendor |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU72069
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0002
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to disable the agent.
The vulnerability exists due to improperly imposed security restrictions. A local user can execute privileged cytool commands that disable or uninstall the agent.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCortex XDR Agent for Windows: before 7.5.101-CE
External linkshttp://security.paloaltonetworks.com/CVE-2023-0002
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72068
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0001
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores credentials in an insecure manner. A local system administrator can disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCortex XDR Agent for Windows: before 7.5.101-CE
External linkshttp://security.paloaltonetworks.com/CVE-2023-0001
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.