CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
|Cortex XDR Agent 7.9||None||all|
|Cortex XDR Agent 7.8||None||all|
|Cortex XDR Agent 7.5||< 7.5.101-CE on Windows||>= 7.5.101-CE on Windows|
|Cortex XDR Agent 5.0||None||all|
CVSSv3.1 Base Score: 6 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)
This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)
After you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users.
Workarounds and Mitigations
There are no known workarounds for this issue.