CVE-2023-0002 — Protection Mechanism Failure in Palo Alto Networks Cortex XDR Agent

CWE-693 — Protection Mechanism Failure CWE-476 — NULL Pointer Dereference CWE-822 — Untrusted Pointer Dereference CWE-787 — Out-of-bounds Write CWE-366 — Race Condition within a Thread14 documents9 sources

Severity

7.8HIGHNVD

CNA5.5

EPSS

0.1%

top 69.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex XDR Agent Paloaltonetworks Cortex XDR Agent Paloalto Cortex XDR Agent

Timeline

PublishedFeb 8

Latest updateDec 30

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDpaloaltonetworks/cortex_xdr_agent5.0 — 5.0.12.22203+1

▶CVEListV5palo_alto_networks/cortex_xdr_agent7.5 — 7.5.101-CE+1

▶Palo Altopaloalto/cortex_xdr_agent

🔴Vulnerability Details

OSV

RDMA/srpt: Add a check for valid 'mad_agent' pointer↗2025-12-30

▶

OSV

drm/i915/gvt: fix gvt debugfs destroy↗2025-12-24

▶

Kernel

xfrm: add NULL check in xfrm_update_ae_params↗2023-07-21

▶

CVEList

Cortex XDR Agent: Product Disruption by Local Windows User↗2023-02-08

▶

GHSA

GHSA-55pm-78cq-2wj2: A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool c↗2023-02-08

▶

📋Vendor Advisories

Red Hat

kernel: scsi: qedi: Fix crash while reading debugfs attribute↗2024-07-12

▶

Red Hat

kernel: drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini↗2024-05-21

▶

Palo Alto

Cortex XDR Agent: Product Disruption by Local Windows User↗2023-02-08

▶

VMware

VMware vRealize Operations (vROps) update addresses a CSRF bypass vulnerability (CVE-2023-20856)↗2023-01-31

▶