CVE-2020-2049

09.12.2020, 18:15

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
palo_alto	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Vendor	Product	Version
paloaltonetworks	cortex_xdr_agent	7.1.1 ≤ 𝑥 ≤ 7.1.3
paloaltonetworks	cortex_xdr_agent	7.2.1 ≤ 𝑥 ≤ 7.2.2
paloaltonetworks	cortex_xdr_agent	7.1
paloaltonetworks	cortex_xdr_agent	7.1:content_update149
paloaltonetworks	cortex_xdr_agent	7.2
paloaltonetworks	cortex_xdr_agent	7.2:content_update149

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

https://security.paloaltonetworks.com/CVE-2020-2049