CVE-2023-0002

Summary

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XDR agent7.9 Allunaffected
Palo Alto NetworksCortex XDR agent7.8 Allunaffected
Palo Alto NetworksCortex XDR agent7.5 < 7.5.101-CEaffected
Palo Alto NetworksCortex XDR agent5.0 < 5.0.12.22203affected

Weaknesses

  • CWE-693: CWE-693 Protection Mechanism Failure

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References