The version of Palo Alto Cortex XDR Agent installed on the remote Windows host is 7.5 prior to 7.5.101-CE. It is, therefore, affected by an information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices that allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176475);
  script_version("1.1");

  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/31");

  script_cve_id("CVE-2023-0001");

  script_name(english:"Palo Alto Cortex XDR Agent 7.5.x < 7.5.101-CE Cleartext Credential");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by cleartext credential exposure.");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Cortex XDR Agent installed on the remote Windows host is 7.5 prior to 7.5.101-CE. It is,
therefore, affected by an information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows
devices that allows a local system administrator to disclose the admin password for the agent in cleartext, which bad
actors can then use to execute privileged cytool commands that disable or uninstall the agent.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2023-0001");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Palo Alto Cortex XDR Agent version 7.5.101-CE or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0001");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:paloaltonetworks:cortex_xdr_agent");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_cortex_xdr_agent_win_installed.nbin");
  script_require_keys("installed_sw/Palo Alto Cortex XDR Agent", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

# Exit unless the registry enumeration KB item is present.
get_kb_item_or_exit('SMB/Registry/Enumerated');

# Load the install details recorded by the detection plugin listed in script_dependencies().
var app_info = vcf::get_app_info(app:'Palo Alto Cortex XDR Agent', win_local:TRUE);

# Flag 7.5.x builds below 7.5.101. This is a version comparison only; the host is not probed for the flaw.
var constraints = [
  { 'min_version' : '7.5', 'fixed_version' : '7.5.101' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
```

Vendor | Product | Version | CPE |
---|---|---|---|
paloaltonetworks | cortex_xdr_agent | | cpe:/a:paloaltonetworks:cortex_xdr_agent |