CVE-2023-0001

MEDIUM Year: 2023
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-319
View all →

Vulnerability Description

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

Related Vulnerabilities

CVE-2019-14808

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., ex...

CWE-3192019

CVE-2020-4152

MEDIUM
CVSS:6.8(Medium)

IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force I...

CWE-3192020

CVE-2020-4397

MEDIUM
CVSS:6.8(Medium)

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428.

CWE-3192020

CVE-2021-20169

MEDIUM
CVSS:6.8(Medium)

Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive inform...

CWE-3192021

CVE-2021-44518

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. Th...

CWE-3192021

CVE-2022-21951

MEDIUM
CVSS:6.8(Medium)

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted v...

CWE-3192022