CVE-2023-0001: Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
First published: Wed Feb 08 2023(Updated: )
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Palo Alto Networks Cortex XDR Agent | >=7.5<7.5.101 | |
| Microsoft Windows Operating System | ||
| Palo Alto Networks Cortex XDR Agent | >=7.5<7.5.101 | |
| Microsoft Windows Operating System |
Remedy
This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.) After you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-0001?
CVE-2023-0001 is an information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices, which allows a local system administrator to disclose the admin password in cleartext.
How can this vulnerability be exploited?
This vulnerability can be exploited by a local system administrator who can disclose the admin password and attackers can then use it to execute privileged cytool commands that disable or uninstall the agent.
What is the severity of CVE-2023-0001?
The severity of CVE-2023-0001 is medium with a CVSS score of 6.7.
Which software versions are affected by CVE-2023-0001?
The Palo Alto Networks Cortex XDR agent versions 7.5 and below are affected by CVE-2023-0001.
Is Microsoft Windows affected by this vulnerability?
No, Microsoft Windows is not affected by CVE-2023-0001.
How can I fix CVE-2023-0001?
To fix CVE-2023-0001, it is recommended to update the Palo Alto Networks Cortex XDR agent to a version above 7.5.101.
Where can I find more information about CVE-2023-0001?
You can find more information about CVE-2023-0001 on the Palo Alto Networks Security Advisory page: [https://security.paloaltonetworks.com/CVE-2023-0001]
- agent/first-publish-date
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/remedy
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/paloaltonetworks
- canonical/palo alto networks cortex xdr agent
- version/palo alto networks cortex xdr agent/7.5
- vendor/microsoft
- canonical/microsoft windows operating system