CVE-2023-0001 — Cleartext Transmission of Sensitive Info in Palo Alto Networks Cortex XDR Agent

CWE-319 — Cleartext Transmission of Sensitive Info11 documents7 sources

Severity

6.7MEDIUMNVD

CNA6.0

EPSS

0.6%

top 31.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedFeb 8

Latest updateJul 10

Description

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent7.5 — 7.5.101

▶CVEListV5palo_alto_networks/cortex_xdr_agent7.5 — 7.5.101-CE

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2024-07-10

▶

OSV

linux-azure, linux-azure-4.15 vulnerabilities↗2024-07-04

▶

OSV

linux-intel-iotg vulnerabilities↗2024-05-28

▶

OSV

linux-oem-6.5 vulnerabilities↗2024-05-07

▶

CVEList

Cortex XDR Agent: Cleartext Exposure of Agent Admin Password↗2023-02-08

▶

📋Vendor Advisories

VMware

VMware Aria Automation (formerly vRealize Automation) updates address a Missing Access Control vulnerability (CVE-2023-34063)↗2024-01-16

▶

Palo Alto

Cortex XDR Agent: Cleartext Exposure of Agent Admin Password↗2023-02-08

▶

VMware

VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711)↗2023-01-24

▶