CVE-2020-2049Uncontrolled Search Path Element in Paloaltonetworks Cortex XDR Agent

CWE-427Uncontrolled Search Path Element4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 88.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Paloaltonetworks Cortex XDR AgentPalo Alto Networks Cortex XDR AgentPaloalto Cortex XDR Agent
Timeline
PublishedDec 9
Latest updateMay 24

Description

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDpaloaltonetworks/cortex_xdr_agent7.1.17.1.3+3
CVEListV5palo_alto_networks/cortex_xdr_agent7.1.* without content update 150, 7.2.* without content update 150+1

🔴Vulnerability Details

2
GHSA
GHSA-pjv3-5grh-rmm4: A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Wi2022-05-24
CVEList
Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation2020-12-09

📋Vendor Advisories

1
Palo Alto
Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation2020-12-09
CVE-2020-2049 — Uncontrolled Search Path Element | cvebase