Main Vulnerability Database SB2023020867

SB2023020867 - Multiple vulnerabilities in Cortex XDR Agent for Windows

Published: February 8, 2023

Security Bulletin ID SB2023020867

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Security features bypass (CVE-ID: CVE-2023-0002)

The vulnerability allows a local user to disable the agent.

The vulnerability exists due to improperly imposed security restrictions. A local user can execute privileged cytool commands that disable or uninstall the agent.

2) Cleartext storage of sensitive information (CVE-ID: CVE-2023-0001)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores credentials in an insecure manner. A local system administrator can disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

Remediation

Install update from vendor's website.

SB2023020867 - Multiple vulnerabilities in Cortex XDR Agent for Windows

Breakdown by Severity

Description

Remediation

References

Please verify you're human