Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 81.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 9
Latest update: Mar 18

Description

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevent the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 | Impact: 3.6

Affected Packages: 3 packages

🔴 Vulnerability Details

4
GHSA
GHSA-rj77-cp45-4q8h: An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the soft (2022-05-24)
GHSA
Use after free in actix-service (2021-08-25)
CVEList
Cortex XDR Agent: Exceptional condition denial-of-service (DoS) (2020-12-09)
OSV
apache2 vulnerabilities (2020-08-13)

💥 Exploits & PoCs

1
Exploit-DB
Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) (2020-08-11)

📋 Vendor Advisories

10
Red Hat
argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow (2024-03-18)
Microsoft
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificat (2021-08-10)
Palo Alto
Cortex XDR Agent: Exceptional condition denial-of-service (DoS) (2020-12-09)
Cisco
Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability (2020-08-26)
Oracle
Oracle Oracle E-Business Suite Risk Matrix: Setup of Mobile Applications, CVE-2020-14599 (2020-07-15)

💬 Community

7
Bugzilla
CVE-2020-14678 community-mysql: mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) [fedora-all] (2020-08-10)
Bugzilla
CVE-2020-14402 libvncserver: libvncserver/corre.c allows out-of-bounds access via encodings [epel-7] (2020-07-24)
Bugzilla
CVE-2020-10177 python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c (2020-07-01)
Bugzilla
CVE-2020-12135 mongo-c-driver: bson: integer overflow in bson_ensure_space() parameter bytesNeeded [epel-all] (2020-05-12)
Bugzilla
CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 mariadb:10.3/mariadb: various flaws [fedora-all] (2020-04-30)
CVE-2020-2020 — Palo vulnerability | cvebase