Palo Alto Networks Cortex XDR Broker VM Credential Management Flaw Allowing Access to Internal Services

Vulnerability

A credential management vulnerability exists in Palo Alto Networks Cortex XDR Broker VM versions from 28.0.0 up to, but not including, 28.0.52. This flaw allows different Broker VM images to share the same default credentials for internal services. Users with knowledge of these default credentials could access internal services on other Broker VM installations. Exploitation requires network access to the Broker VM.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal services on other Broker VM installations, potentially allowing for further actions depending on the accessed services.

Remediation

Users with automatic upgrades enabled for Broker VM do not need to take any action. Those without automatic upgrades should enable this feature to ensure the latest security patches are applied.
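
To apply the version range and remediation guidance above to a fleet, the following added example (not code from Palo Alto Networks or from this page) triages a Broker VM inventory. The CSV layout, hostnames and the auto_upgrade column are constructed assumptions; only the 28.0.0 and 28.0.52 bounds come from the advisory.

```python
import csv
import io

# Affected range as stated in the advisory: 28.0.0 up to, not including, 28.0.52.
AFFECTED_MIN = (28, 0, 0)
FIXED_IN = (28, 0, 52)

# Constructed inventory; hostnames, columns and values are illustrative only.
SAMPLE_INVENTORY = """hostname,version,auto_upgrade
broker-a.example.internal,28.0.12,false
broker-b.example.internal,28.0.51,true
broker-c.example.internal,28.0.52,false
broker-d.example.internal,27.0.40,false
broker-e.example.internal,28.0.x,false
"""


def parse_version(text):
    """Return a 3-tuple of ints, or None if the string is not N.N.N."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(row):
    """Classify one inventory row against the advisory's version range."""
    version = parse_version(row["version"])
    if version is None:
        return "unknown-version"           # never assume safe on bad data
    if not (AFFECTED_MIN <= version < FIXED_IN):
        return "outside-affected-range"
    if row["auto_upgrade"].strip().lower() == "true":
        return "affected-auto-upgrade-on"  # advisory: no action needed
    return "affected-enable-auto-upgrade"  # advisory: enable auto upgrades


def triage_inventory(csv_text):
    """Map hostname -> triage result for every row in a CSV inventory."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: triage(row) for row in reader}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as unknown-version need a manual check of the installed version before they are treated as patched.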

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 4.5
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 5.7
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.