Vulnerabilities > Paloaltonetworks > Cortex XDR Agent > 7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-08 | CVE-2023-0001 | Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Cortex XDR Agent 7.5 An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. | 6.7 |
| 2023-02-08 | CVE-2023-0002 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | 7.8 |
| 2022-09-14 | CVE-2022-0029 | Link Following vulnerability in Paloaltonetworks Cortex XDR Agent An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file. | 5.5 |
| 2022-05-11 | CVE-2022-0026 | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. | 6.7 |