PAN-SA-2022-0001 Cortex XDR Agent: Supervisor Password Hash Disclosure Vulnerability When Generating Support Files

Severity: 3.3 · LOW
Attack Vector: LOCAL
Scope: UNCHANGED
Attack Complexity: LOW
Confidentiality Impact: LOW
Privileges Required: LOW
Integrity Impact: NONE
User Interaction: NONE
Availability Impact: NONE

Description

An information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local user to learn the cryptographic hash of the supervisor password when generating support files on a deployed agent.

An attacker must crack the supervisor password hash to make unauthorized changes to the local Cortex XDR agent. This issue has no security impact if the attacker cannot crack the supervisor password hash.

This issue is fixed in Cortex XDR agent 7.4.1 and all later agent versions. The impact of this issue is significantly mitigated with the use of a secure supervisor password.
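The weakness described above (CWE-532) is a password hash landing in diagnostic output that is later handed to other people. The following is an added example, not code from Palo Alto Networks or from the Cortex XDR agent: a defender-side pre-share check that scans support-bundle text for tokens shaped like password hashes and redacts them. The sample log lines, key names and hash values are constructed for this example and do not reflect the real Cortex XDR support-file format; the confidence heuristic (key names such as "pw" or "hash" on the same line) is an assumption of this example.

```python
import re
from typing import List, Tuple

# Constructed sample of diagnostic output. This is NOT the real Cortex XDR
# support-file format; the layout, key names and values are assumptions made
# for this example, and the hash values are placeholders, not real digests.
SAMPLE_SUPPORT_LOG = """\
2022-01-10 09:15:02 INFO  agent started, version 7.4.0
2022-01-10 09:15:03 DEBUG config: supervisor_pw_hash=5f4dcc3b5aa765d61d8327deb882cf99
2022-01-10 09:15:03 DEBUG config: enrollment_secret=$6$rounds=5000$constructedsalt$NotARealHashABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdef
2022-01-10 09:15:04 INFO  policy sync ok, 12 rules applied
2022-01-10 09:15:05 DEBUG session id 0123456789abcdef0123456789abcdef closed
"""

# Token shapes that commonly carry password material.
HASH_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    # Modular-crypt style strings: $1$..., $2b$..., $5$..., $6$..., $argon2id$..., $pbkdf2-sha256$...
    ("crypt", re.compile(r"\$(?:1|2[abxy]?|5|6|7|y|argon2(?:id|i|d)|pbkdf2[-\w]*)\$[^\s\"',;]+")),
    # Bare hex digests of MD5 (32), SHA-1 (40), SHA-256 (64) or SHA-512 (128) length,
    # not embedded in a longer hex run.
    ("hexdigest", re.compile(
        r"(?<![0-9a-fA-F])(?:[0-9a-fA-F]{128}|[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})(?![0-9a-fA-F])")),
]

# Key names on the same line that raise confidence the token is credential material (assumed heuristic).
SENSITIVE_KEY = re.compile(r"pass|pw|secret|credential|hash", re.IGNORECASE)

# (line number, pattern kind, confidence, first 8 characters of the token)
Finding = Tuple[int, str, str, str]


def redact_support_text(text: str) -> Tuple[str, List[Finding]]:
    """Redact hash-shaped tokens line by line and report where they were found.

    Over-redaction is preferred: a session id that happens to look like an MD5
    digest is reported with low confidence and redacted anyway, because the cost
    of a false positive in a support bundle is far lower than leaking a hash.
    """
    findings: List[Finding] = []
    out_lines: List[str] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        redacted = line
        confidence = "high" if SENSITIVE_KEY.search(line) else "low"
        for kind, pattern in HASH_PATTERNS:
            for match in pattern.finditer(redacted):
                token = match.group(0)
                findings.append((lineno, kind, confidence, token[:8] + "..."))
            redacted = pattern.sub(f"[REDACTED:{kind}]", redacted)
        out_lines.append(redacted)
    return "\n".join(out_lines) + "\n", findings


def high_confidence_findings(findings: List[Finding]) -> List[Finding]:
    """Findings that sat next to a credential-looking key name; these block sharing outright."""
    return [f for f in findings if f[2] == "high"]


if __name__ == "__main__":
    cleaned, found = redact_support_text(SAMPLE_SUPPORT_LOG)
    for lineno, kind, confidence, preview in found:
        print(f"line {lineno}: {kind} ({confidence} confidence) {preview}")
    print(cleaned)
```

Run over a real bundle, anything reported as high confidence is a reason to stop and ask why a credential hash was written to a diagnostic file at all, which is the fix the advisory itself applies in 7.4.1; the redaction only limits exposure of bundles that already exist.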

Product Status

Versions                  Affected    Unaffected
Cortex XDR Agent 7.5 CE   None        All
Cortex XDR Agent 7.9      None        All
Cortex XDR Agent 7.8      None        All
Cortex XDR Agent 7.4      < 7.4.1     >= 7.4.1
Cortex XDR Agent 5.0      All         None

Severity: LOW

CVSSv3.1 Base Score: 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this issue are publicly available.

Weakness Type

CWE-532 Information Exposure Through Log Files

Solution

This issue is fixed in Cortex XDR agent 7.4.1 and all later agent versions.

Workarounds and Mitigations

You should ensure that the Cortex XDR agent supervisor password is as complex as possible to make it infeasible for an attacker to crack and to mitigate the impact of this issue. Cortex XDR Server can enforce minimum password complexity requirements to ensure sufficiently secure passwords are used.
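The mitigation rests on the hash being infeasible to crack offline once it has leaked. As an added example, not Cortex XDR Server's own policy engine or Palo Alto Networks code, the block below evaluates a candidate supervisor password against a minimum-complexity policy and shows why complexity matters by turning the password's brute-force keyspace into an expected offline cracking time. The thresholds, the assumed guess rate of 10^10 per second, and the short blocklist are assumptions of this example; the advisory states none of them.

```python
import math
from typing import NamedTuple, Tuple

# Policy thresholds and the guess rate are ASSUMPTIONS for this example; they
# are not Cortex XDR Server defaults, which the advisory does not state.
MIN_LENGTH = 14
MIN_CHARACTER_CLASSES = 3
ASSUMED_GUESS_RATE = 1e10            # offline guesses per second against a fast hash (assumed)
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed blocklist; a real deployment would use a large breached-password list.
BLOCKLIST = {"password", "password1", "admin123", "welcome1", "cortexxdr"}


class PolicyResult(NamedTuple):
    ok: bool
    reasons: Tuple[str, ...]
    entropy_bits: float
    expected_crack_years: float


def character_classes(pw: str) -> int:
    """Count how many of the lower/upper/digit/symbol classes the password uses."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def entropy_bits(pw: str) -> float:
    """Brute-force keyspace in bits: length * log2(alphabet size).

    This is an upper bound on attacker effort; dictionary and rule-based
    attacks do far better against human-chosen passwords, which is why the
    blocklist check below exists alongside it.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 33                   # printable ASCII punctuation
    return len(pw) * math.log2(pool) if pool else 0.0


def expected_crack_years(bits: float, rate: float = ASSUMED_GUESS_RATE) -> float:
    """Expected exhaustive-search time: half the keyspace at `rate` guesses per second."""
    return (2.0 ** bits / 2.0) / rate / SECONDS_PER_YEAR


def evaluate_supervisor_password(pw: str) -> PolicyResult:
    """Apply the minimum-complexity policy and attach the cracking-cost estimate."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"length {len(pw)} is below the minimum of {MIN_LENGTH}")
    classes = character_classes(pw)
    if classes < MIN_CHARACTER_CLASSES:
        reasons.append(f"uses {classes} character classes, policy requires {MIN_CHARACTER_CLASSES}")
    if pw.lower() in BLOCKLIST:
        reasons.append("appears on the blocklist")
    bits = entropy_bits(pw)
    return PolicyResult(not reasons, tuple(reasons), bits, expected_crack_years(bits))


if __name__ == "__main__":
    # Constructed candidates, one weak and one strong.
    for candidate in ("admin123", "Tr0ub4dor&3-Correct!Horse"):
        result = evaluate_supervisor_password(candidate)
        print(f"{candidate!r}: ok={result.ok} bits={result.entropy_bits:.1f} "
              f"years={result.expected_crack_years:.3g} reasons={result.reasons}")
```

The contrast is the point: an eight-character lowercase-plus-digit password is exhausted in minutes at the assumed rate, while a long password drawing on all four classes pushes the expected search time beyond any practical horizon, so a leaked hash of it carries little usable information.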

Acknowledgments

This issue was found by mr.d0x, an external security researcher.

Timeline

Clarified Cortex XDR agent fixed version
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.