Lucene search
Palo Alto Networks Product Security Incident Response TeamPA-CVE-2023-0002HistoryFeb 08, 2023 - 5:00 p.m.
Cortex XDR Agent: Product Disruption by Local Windows User
2023-02-0817:00:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
22
palo alto networks
cortex xdr
windows
local user
privileged commands
disruption
software
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
Work around:
There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cortex xdr agent | lt | 5.0.12.22203 on Windows | |
| cortex xdr agent | lt | 7.5.101-CE on Windows |
Related
cve
cve
CVE-2023-0002
2023-02-08 18:15:11
nvd
nvd
CVE-2023-0002
2023-02-08 18:15:11
cvelist
cvelist
CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User
2023-02-08 17:21:47
nessus
nessus
Palo Alto Cortex XDR Agent 5.x < 5.0.12.22203 / 7.5.x < 7.5.101-CE DoS
2023-05-30 00:00:00
prion
prion
Command injection
2023-02-08 18:15:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Related for PA-CVE-2023-0002