CVE-2020-1991
Published 2020-04-08
CVE-2020-1991: An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system…
Priority P429 · high · 7.1 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.27% (17.9th percentile)
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | traps | >= 5.0 < 5.0.8 | 5.0.8 |
| palo_alto_networks | traps | >= 6.1 < 6.1.4 | 6.1.4 |
| paloalto | traps | — | — |
| paloaltonetworks | traps | >= 5.0 < 5.0.8 | 5.0.8 |
| paloaltonetworks | traps | >= 6.1 < 6.1.4 | 6.1.4 |
CVSS provenance
nvd · v3.1 · 7.1 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd · v2.0 · 3.6 · LOW · AV:L/AC:L/Au:N/C:N/I:P/A:P
Palo Alto
Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows
vendor_paloalto·2020-04-08·CVSS 7.1
CVE-2020-1991 [HIGH] CWE-377 Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files.
This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows; all versions of 6.0, 4.2, 4.1, and older releases on Windows.
This issue does not affect Cortex XDR 7.0.
This issue does not affect Traps for Linux or MacOS.
Affected products: Traps
Solution: This issue is fixed in Traps 5.0.8, 6.1.4 and later versions.
Workaround: There are no viable workarounds for this issue.
GHSA
GHSA-vfx3-vc54-592p: An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite sys
ghsa_unreviewed·2022-05-24
CVE-2020-1991 [LOW] GHSA-vfx3-vc54-592p: An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite sys
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-04-08