Palo Alto Cortex XDR Agent 5.x < 5.0.12.22203 / 7.5.x < 7.5.101-CE DoS

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176474);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/31");

  script_cve_id("CVE-2023-0002");

  script_name(english:"Palo Alto Cortex XDR Agent 5.x < 5.0.12.22203 / 7.5.x < 7.5.101-CE DoS");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Cortex XDR Agent installed on the remote Windows host is 5.x prior to 5.0.12.22203 or 7.5
prior to 7.5.101-CE. It is, therefore, affected by a denial of service (DoS) vulnerability. A problem with a protection
mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool
commands that disable or uninstall the agent.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2023-0002");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Palo Alto Cortex XDR Agent version 5.0.12.22203, 7.5.101-CE or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0002");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:paloaltonetworks:cortex_xdr_agent");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_cortex_xdr_agent_win_installed.nbin");
  script_require_keys("installed_sw/Palo Alto Cortex XDR Agent", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'Palo Alto Cortex XDR Agent', win_local:TRUE);

var constraints = [
  { 'min_version' : '5.0', 'fixed_version' : '5.0.12.22203' },
  { 'min_version' : '7.5', 'fixed_version' : '7.5.101' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);