Palo Alto Networks announced the availability of patches to address security flaws in the Cortex XDR Agent and Cortex XSOAR. Updates fix the following issues:

CVE-2023-0001 - An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices that allows a local system administrator to disclose the admin password. This issue is fixed in Cortex XDR agent 7.5.101-CE.

CVE-2023-0002 – Vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices that allows a local user to execute privileged commands that disable or uninstall the agent. This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE.

CVE-2023-0003 - Vulnerability in the Palo Alto Networks Cortex XSOAR server software that enables to read files. This issue is fixed in Cortex XSOAR versions 6.6.B186115, 6.8.B185719, 6.9.B185415, 6.10.0.185964.

More information on vulnerabilities and updates is available in Palo Alto Networks security advisories – paloaltonetworks.com.