CVE-2020-2020
Last modified
CVE-2020-2020 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Cortex Xdr Agent | >= 5.0, < 5.0.10 |
| Paloaltonetworks | Cortex Xdr Agent | >= 6.1, < 6.1.7 |
| Paloaltonetworks | Cortex Xdr Agent | >= 7.0, < 7.0.3 |
| Paloaltonetworks | Cortex Xdr Agent | >= 7.1, < 7.1.2 |
References
- https://security.paloaltonetworks.com/CVE-2020-2020Vendor Advisory
- https://security.paloaltonetworks.com/CVE-2020-2020Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-2020?
How severe is CVE-2020-2020?
How do I fix CVE-2020-2020?
Are you affected by CVE-2020-2020?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST