CVE-2023-0001: 
Cortex XDR vulnerability analysis and mitigation

An information exposure vulnerability was discovered in the Palo Alto Networks Cortex XDR agent on Windows devices (CVE-2023-0001). The vulnerability allows a local system administrator to disclose the admin password for the agent in cleartext, which malicious actors can then use to execute privileged cytool commands to disable or uninstall the agent. The issue was discovered internally by Palo Alto Networks and was disclosed on February 8, 2023 (Palo Alto).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.0 (Medium severity) with the following metrics: Attack Vector: Local, Attack Complexity: Low, Privileges Required: High, User Interaction: None, Scope: Unchanged, Confidentiality Impact: High, Integrity Impact: None, Availability Impact: High. The weakness type is classified as CWE-319 (Cleartext Transmission of Sensitive Information) (Palo Alto).

If exploited, the vulnerability allows attackers to obtain the agent's admin password in cleartext. This exposed password can be used to execute privileged cytool commands, potentially leading to the disablement or uninstallation of the Cortex XDR agent, compromising the security of the affected system (Palo Alto).

The vulnerability has been fixed in Cortex XDR agent version 7.5.101-CE and all later supported versions. After upgrading to a fixed version, administrators must change the agent admin password in case it was previously disclosed. Palo Alto Networks has indicated there are no known workarounds for this issue (Palo Alto).