CVE-2020-1991
08.04.2020, 19:15
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | traps | 5.0 ≤ 𝑥 < 5.0.8 |
| paloaltonetworks | traps | 6.1 ≤ 𝑥 < 6.1.4 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| palo_alto_networks | traps | 5.0 ≤ 𝑥 < 5.0.8 | CNA |
| palo_alto_networks | traps | 6.1 ≤ 𝑥 < 6.1.4 | CNA |
Common Weakness Enumeration
- CWE-377 - Insecure Temporary FileCreating and using insecure temporary files can leave application and system data vulnerable to attack.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.