Cleartext storage of sensitive information in Cortex XDR Agent for Windows - CVE-2023-0001

 

Cleartext storage of sensitive information in Cortex XDR Agent for Windows - CVE-2023-0001

Published: February 8, 2023


Vulnerability identifier: #VU72068
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-0001
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Cortex XDR Agent for Windows

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores credentials in an insecure manner. A local system administrator can disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.


How to mitigate CVE-2023-0001

Install updates from vendor's website.

Sources