Multiple vulnerabilities in Cortex XDR Agent for Windows



Published: 2023-02-08
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-0002
CVE-2023-0001
CWE-ID CWE-254
CWE-312
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Cortex XDR Agent for Windows
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU72069

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0002

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to disable the agent.

The vulnerability exists due to improperly imposed security restrictions. A local user can execute privileged cytool commands that disable or uninstall the agent.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cortex XDR Agent for Windows: before 7.5.101-CE

External links

http://security.paloaltonetworks.com/CVE-2023-0002


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cleartext storage of sensitive information

EUVDB-ID: #VU72068

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0001

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores credentials in an insecure manner. A local system administrator can disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cortex XDR Agent for Windows: before 7.5.101-CE

External links

http://security.paloaltonetworks.com/CVE-2023-0001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###