PT-2020-15271 · Microsoft+1 · Windows+1
Chris Au
+1
·
Published
2020-12-09
·
Updated
2020-12-16
·
CVE-2020-2049
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks Cortex XDR Agent versions 7.1 with content update 149 and earlier versions
Palo Alto Networks Cortex XDR Agent versions 7.2 with content update 149 and earlier versions
Description
A local privilege escalation issue exists in Palo Alto Networks Cortex XDR Agent on the Windows platform, allowing an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory.
Recommendations
For versions 7.1 with content update 149 and earlier versions, update to a version with a content update later than 149 to resolve the issue.
For versions 7.2 with content update 149 and earlier versions, update to a version with a content update later than 149 to resolve the issue.
As a temporary workaround, consider restricting access to the Windows root directory to prevent users from creating files in this location, thereby minimizing the risk of exploitation.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cortex Xdr Agent
Windows