Vulnerability Details : CVE-2023-3280
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
Products affected by CVE-2023-3280
- Paloaltonetworks » Cortex Xdr Agent » Content Update EditionVersions from including (>=) 7.9.0 and before (<) 7.9.101cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:content_update:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:-:*:*:*
- Paloaltonetworks » Cortex Xdr AgentVersions from including (>=) 5.0 and up to, including, (<=) 5.0.12.22203cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*
- cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.5.102:*:*:*:content_update:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3280
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
Palo Alto Networks, Inc. |
CWE ids for CVE-2023-3280
-
The product does not handle or incorrectly handles an exceptional condition.Assigned by:
- nvd@nist.gov (Primary)
- psirt@paloaltonetworks.com (Secondary)
References for CVE-2023-3280
-
https://security.paloaltonetworks.com/CVE-2023-3280
CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the AgentVendor Advisory
Jump to