FKIE_CVE-2020-2020

Vulnerability from fkie_nvd - Published: 2020-12-09 18:15 - Updated: 2024-11-21 05:24
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.
References
psirt@paloaltonetworks.comhttps://security.paloaltonetworks.com/CVE-2020-2020Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.paloaltonetworks.com/CVE-2020-2020Vendor Advisory
Impacted products
Vendor Product Version
paloaltonetworks cortex_xdr_agent *
paloaltonetworks cortex_xdr_agent *
paloaltonetworks cortex_xdr_agent *
paloaltonetworks cortex_xdr_agent *
To clipboard Create KEV Entry 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A75398A3-ED40-4983-A80A-ECAE760B5400",
              "versionEndExcluding": "5.0.10",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC3EA409-30E8-4E2D-B1B5-F2C946F3613B",
              "versionEndExcluding": "6.1.7",
              "versionStartIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "762B2DF4-229D-4755-A0B3-47D4BFD8C21A",
              "versionEndExcluding": "7.0.3",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A974F5-3BEE-496F-8833-F7DC4D86C56D",
              "versionEndExcluding": "7.1.2",
              "versionStartIncluding": "7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software\u0027s internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2."
    },
    {
      "lang": "es",
      "value": "Un manejo inapropiado de una vulnerabilidad de condiciones excepcionales en Cortex XDR Agent permite a un usuario de Windows autenticado localmente crear archivos en el directorio de programa interno del software que impide que se inicie Cortex XDR Agent.\u0026#xa0;La condici\u00f3n excepcional es persistente e impide que Cortex XDR Agent se inicie cuando se reinicia el software o la m\u00e1quina.\u0026#xa0;Este problema afecta a: Cortex XDR Agent versiones 5.0 anteriores a 5.0.10;\u0026#xa0;Cortex XDR Agent versiones 6.1 anteriores a 6.1.7;\u0026#xa0;Cortex XDR Agent  versiones 7.0 anteriores a 7.0.3;\u0026#xa0;Cortex XDR Agent versiones 7.1 anteriores a 7.1.2"
    }
  ],
  "id": "CVE-2020-2020",
  "lastModified": "2024-11-21T05:24:28.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-12-09T18:15:10.663",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2020-2020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2020-2020"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.