CVE-2023-0001

MEDIUM

Palo Alto Networks Cortex XDR < - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-0001. Includes Metasploit module spec/support/shared/examples/msf/db_manager/vuln.

AI-analyzed exploit summary: This is a Metasploit test suite for vulnerability management functionality, specifically testing the `Msf::DBManager::Vuln` module. It includes unit tests for vulnerability reporting, querying, and reference handling, but does not contain actual exploit code for CVE-2023-0001.

Description

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

Exploits (1)

metasploit · WRITEUP · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/spec/support/shared/examples/msf/db_manager/vuln.rb

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Metasploit Framework
No auth needed
Prerequisites: Metasploit Framework installation · Database backend configured
devstral-2 · analyzed Apr 10, 2026

Scores

CVSS v3 6.0
EPSS 0.0047
EPSS Percentile 65.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Details

CWE CWE-319
Status published
Products (1)
paloaltonetworks/cortex_xdr_agent 7.5 - 7.5.101
Published Feb 08, 2023
Tracked Since Feb 18, 2026