Cleartext storage of sensitive information in Cortex XDR Agent for Windows - CVE-2023-0001

 


Published: February 8, 2023


Vulnerability identifier: #VU72068
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-0001
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Cortex XDR Agent for Windows
Software vendor:
Palo Alto Networks, Inc.

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the software stores credentials in an insecure manner. A local system administrator can disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.


Remediation

Install updates from the vendor's website.
